US11514451B2 - Systems and methods for performing financial transactions using active authentication - Google Patents

Systems and methods for performing financial transactions using active authentication Download PDF

Info

Publication number
US11514451B2
US11514451B2 US13/085,754 US201113085754A US11514451B2 US 11514451 B2 US11514451 B2 US 11514451B2 US 201113085754 A US201113085754 A US 201113085754A US 11514451 B2 US11514451 B2 US 11514451B2
Authority
US
United States
Prior art keywords
transaction
pin
atm
financial transaction
financial
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US13/085,754
Other versions
US20120239572A1 (en
Inventor
Rudolph Christian Wolfs
David Aaron Pinski
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Capital One Services LLC
Original Assignee
Capital One Services LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US13/085,754 priority Critical patent/US11514451B2/en
Application filed by Capital One Services LLC filed Critical Capital One Services LLC
Assigned to ING BANK, FSB (DBA ING DIRECT) reassignment ING BANK, FSB (DBA ING DIRECT) ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: PINSKI, DAVID AARON, WOLFS, RUDOLPH CHRISTIAN
Assigned to ING DIRECT N.V. reassignment ING DIRECT N.V. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ING BANK, FSB, SHAREBUILDER CORPORATION (FORMERLY KNOWN AS NETSTOCK CORPORATION)
Publication of US20120239572A1 publication Critical patent/US20120239572A1/en
Assigned to CAPITAL ONE FINANCIAL CORPORATION reassignment CAPITAL ONE FINANCIAL CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ING BANK, N.V.
Priority to US14/577,716 priority patent/US10108959B2/en
Assigned to ING BANK N.V. reassignment ING BANK N.V. MERGER (SEE DOCUMENT FOR DETAILS). Assignors: ING DIRECT N.V.
Assigned to CAPITAL ONE SERVICES, LLC reassignment CAPITAL ONE SERVICES, LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: CAPITAL ONE FINANCIAL CORPORATION
Priority to US16/145,929 priority patent/US11042877B2/en
Priority to US17/352,831 priority patent/US11836724B2/en
Priority to US17/980,106 priority patent/US20230059316A1/en
Publication of US11514451B2 publication Critical patent/US11514451B2/en
Application granted granted Critical
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4012Verifying personal identification numbers [PIN]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/108Remote banking, e.g. home banking
    • G06Q20/1085Remote banking, e.g. home banking involving automatic teller machines [ATMs]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation

Definitions

  • the disclosed systems and methods relate to financial transactions. More specifically, the disclosed systems and methods relate to financial transactions in which three entities are actively engaged in authenticating a transaction.
  • the financial transactions involving these number-based payment devices are linear transactions that only occur between two active participants: the merchant and the financial institution.
  • the merchant transmits the credit card information to the issuing bank, which approves or declines the transaction based on a status of the account of the party presenting credit card.
  • a single transaction may pass through 3 or more systems for validation.
  • Merchant processors, aggregators, card association systems, and other systems may process data along the way, but do not take part in the authorization of the transaction. Instead, these intermediaries merely add unneeded complexity, unnecessary cost, increased processing time, and an increase in risk for a given transaction.
  • a financial transaction method includes receiving a request to perform a financial transaction at a financial institution, generating a single-use transaction key for the financial transaction, and storing at least a first portion of the transaction key in a storage medium.
  • the transaction key is transmitted to a user that requested the financial transaction, and an authorization request including at least a second portion of the transaction key is received from a merchant.
  • the second portion of the transaction key received from the merchant is compared to the first portion of the transaction key to determine if the transaction should be authorized.
  • An authorization message is transmitted to the merchant if the second portion of the transaction key received from the merchant matches the first portion of the transaction key.
  • the financial transaction is funded from an account of the user if the financial transaction is authorized.
  • a financial transaction system includes a non-transient computer readable storage medium, an engine for generating a substantially random alpha-numeric string, and a processor coupled to the non-transient computer readable storage medium and the engine.
  • the processor is configured to cause the engine to generate a single-use transaction key in response to receiving a request to perform a financial transaction from a user having an account with a financial institution, cause at least a first portion of the single-use transaction key in store the single-use transaction key to be stored in the non-transient computer readable storage medium, and cause the single-use transaction key to be transmitted to the user.
  • the processor is configured to determine if at least a second portion of the single-use transaction key received from a merchant matches the first portion of the single-use transaction key stored in the non-transient computer readable storage medium, and cause a message to be transmitted the merchant authorizing the financial transaction if the second portion of the single-use transaction key matches the first portion of the single-use transaction key.
  • a non-transient machine readable storage medium is encoded with program code, wherein when the program code is executed by a processor, the processor performs a method.
  • the method includes causing a single-use transaction key for a financial transaction to be generated in response to receiving a request to perform a financial transaction from a user having an account at a financial institution, causing the single-use transaction key to be transmitted to the user that requested the financial transaction, comparing a second portion of the single-use transaction key received from a merchant to a first portion of the single-use transaction key stored in the non-transient computer readable storage medium to determine if the transaction should be authorized, and causing a message to be transmitted the merchant authorizing the financial transaction if the second portion of the single-use transaction key matches the first portion of the single-use transaction key.
  • FIG. 1 is a block diagram of one example of a network for performing financial transactions
  • FIG. 2 is one example of an architecture of a mobile financial transaction instrument for performing financial transactions
  • FIG. 3A is a flow chart of one example of a dynamic or active authentication method
  • FIG. 3B is a flow chart of one example of a method performed by a mobile financial transaction instrument during a financial transaction utilizing active authentication
  • FIG. 3C is a flow chart of one example of a method performed by a financial institution during a financial transaction utilizing active authentication
  • FIG. 3D is a flow chart of one example of a method performed by a point-of-sale device of a merchant during a financial transaction utilizing active authentication;
  • FIGS. 4A and 4B illustrate are flow charts of one example of a method of wiring funds to a third party using active authentication
  • FIG. 4C is a flow chart of one example of the functions performed by a computer or mobile financial transaction instrument used by a transferor during a fund transfer method in accordance with FIGS. 4A and 4B ;
  • FIG. 4D is a flow chart of one example of the functions performed by a financial institution in accordance with the fund transfer method illustrated in FIGS. 4A and 4B ;
  • FIG. 4E is a flow chart of one example of the functions performed by an ATM in accordance with the fund transfer method illustrated in FIGS. 4A and 4B ;
  • FIG. 5A illustrates the flow of data in one example of an improved ATM transaction
  • FIG. 5B is a flow chart of one example of the functions performed by a mobile financial transaction instrument in accordance with the ATM transaction illustrated in FIG. 5A ;
  • FIG. 5C is a flow chart of one example of the functions performed by a financial institution in accordance with the ATM transaction illustrated in FIG. 5A ;
  • FIG. 5D is a flow chart of one example of the functions performed by an ATM in accordance with the ATM transaction illustrated in FIG. 5A .
  • FIGS. 6A and 6B are flow charts of one example of a method of performing a person-to-person transaction using active authentication
  • FIG. 6C is a flow chart of one example of the functions performed by a transferor's mobile financial transaction instrument in accordance with the person-to-person transaction illustrated in FIGS. 6A and 6B ;
  • FIG. 6D is a flow chart of one example of the functions performed by the transferor's financial institution during a person-to-person financial transaction in accordance with FIGS. 6A and 6B ;
  • FIG. 6E is a flow chart of one example of the functions performed by a transferee's mobile financial transaction instrument in accordance with the person-to-person transaction illustrated in FIGS. 6A and 6B ;
  • FIG. 6F is a flow chart of one example of the functions performed by a transferee's financial institution in accordance with the person-to-person transaction illustrated in FIGS. 6A and 6B .
  • the disclosed systems and methods for performing financial transactions provide enhanced security compared to conventional methods by effectively eliminating the need to assign credit/debit card numbers that are specific to a mobile financial transaction instrument and an individual. Additionally, the systems and methods for performing financial transactions enable non-numeric identifiers to be utilized in financial transactions such that banks and other financial entities are not confined to the ISO/IEC 7812 numbering scheme having limited account numbers per issuer identification numbers (“IIN”).
  • IIN issuer identification numbers
  • FIG. 1 illustrates one example of a plurality of mobile financial transaction instruments 100 - 1 , 100 - 2 (collectively referred to as “mobile financial transaction instruments 100 ”) communicatively coupled to a plurality of networks and devices through network 10 .
  • Network 10 may be a wide area network (“WAN”), a local area network (“LAN”), personal area network (“PAN”), or the like.
  • network 10 is the Internet and mobile financial transaction instruments 100 are online. “Online” may mean connecting to or accessing source data or information from a location remote from other devices or networks coupled to Internet 10 .
  • “online” may refer to connecting or accessing an electronic network (wired or wireless) via a mobile financial transaction instrument 100 or computer 54 as described below.
  • the Internet is a worldwide system of computer networks—a network of networks in which a party at one computer or other device connected to the network can obtain information from any other computer and communicate with parties of other computers or devices.
  • the most widely used part of the Internet is the World Wide Web (often-abbreviated “WWW” or called “the Web”).
  • hypertext is a method for cross-referencing.
  • certain words or phrases appear in text of a different color than the surrounding text. This text is often also underlined.
  • hot spots such as buttons, images, or portions of images that are “clickable.” Clicking on hypertext or a hot spot causes the downloading of another web page via a protocol such as hypertext transport protocol (“HTTP”).
  • HTTP hypertext transport protocol
  • Web “surfing” is done with a Web browser, the most popular of which presently are Apple Safari, Microsoft Internet Explorer, and Mozilla Firefox.
  • the appearance of a particular website may vary slightly depending on the particular browser used. Versions of browsers have “plug-ins,” which provide animation, virtual reality, sound, and music.
  • Interpreted programs e.g., applets
  • firewall 22 that blocks network connections from the outside world to FI 20 inside the firewall.
  • FI 20 may be a bank, credit union, or any entity that provides demand deposit accounts, issues or processes credit or debit transaction, or the like. It is also understood that firewalls are often governed by a set of rules that specify what IP addresses, ports, and even types of traffic are allowed to connect to machines inside the firewall. It is also understood that other network security defense tools may be employed as part of a defense-in-depth strategy to secure FI 20 including, but not limited to, intranet subnet partitioning, a demilitarized zone, intrusion detection or host-based intrusion prevention systems.
  • FI 20 also includes a processing unit 24 coupled to one or more data storage units 26 - 1 , 26 - 2 (collectively referred to as “data storage units 26 ”).
  • the processing unit 24 provides front-end graphical user interfaces (“GUIs”), e.g., customer GUI 28 , non-customer GUI 30 , and back-end GUIs 32 to a remote computer 54 or to local computer 34 .
  • GUIs graphical user interfaces
  • the GUIs can take the form of, for example, a webpage that is displayed using a browser program local to the remote computers 54 or to local computer 34 .
  • the FI 20 may be implemented on one or more computers 34 , servers 36 , or like devices.
  • FI 20 may include servers programmed or partitioned based on permitted access to data stored in data storage units 26 .
  • Front-and back-end GUIs 28 , 30 , 32 may be portal pages that include various content retrieved from the one or more data storage devices 26 .
  • portal is not limited to general-purpose Internet portals, such as YAHOO! or GOOGLE but also includes GUIs that are of interest to specific, limited audiences and that provide the party access to a plurality of different kinds of related or unrelated information, links and tools as described below.
  • “Webpage” and “website” may be used interchangeably herein.
  • Remote computers 54 may be part of a computer system network 50 and gain access to network 10 through an Internet service provider (“ISP”) 52 .
  • Mobile financial transaction instruments 100 may gain access to network 10 through a wireless cellular communication network, a WAN hotspot, or through a wired or wireless connection with a computer 20 as will be understood by one skilled in the art.
  • a merchant 60 including having a plurality of point-of-sale (“POS”) terminals 62 may be connected to network 10 .
  • POS terminals 62 may be directly connected to network 10 or be connected through a gateway 64 , which may be a processing device coupled to one or more data storage units 66 .
  • An automated teller machine (“ATM”) 70 may also be connected to FI 20 through network 10 .
  • ATM automated teller machine
  • mobile financial transaction instrument 100 includes any mobile device capable of transmitting and receiving wireless signals.
  • a mobile financial transaction instrument may include, but is not limited to, mobile or cellular phones, personal digital assistants (“PDAs”), laptop computers, tablet computers, fobs, music players, and e-readers, to name a few possible devices.
  • PDAs personal digital assistants
  • a mobile financial transaction instrument 100 may be a desktop computer configured to perform financial transaction over a network such as the Internet.
  • FIG. 1 is a block diagram of one example of an architecture of mobile financial transaction instrument 100 .
  • mobile financial transaction instrument 100 may include one or more processors, such as processor(s) 102 .
  • Processor(s) 102 may be any central processing unit (“CPU”), microprocessor, micro-controller, or computational device or circuit for executing instructions and be connected to a communication infrastructure 104 (e.g., a communications bus, cross-over bar, or network).
  • a communication infrastructure 104 e.g., a communications bus, cross-over bar, or network.
  • Mobile financial transaction instrument 100 may include a display 106 that displays graphics, text, and other data received from the communication infrastructure 104 (or from a frame buffer not shown) to a user. Examples of such displays 106 include, but are not limited to, LCD screens and plasma screens, to name a few possible displays.
  • Mobile financial transaction instrument 100 also includes a main memory 108 , such as a random access (“RAM”) memory, and may also include a secondary memory 110 .
  • Secondary memory 110 may include a more persistent memory such as, for example, a hard disk drive 112 and/or removable storage drive 114 , representing a magnetic tape drive, an optical disk drive, or the like.
  • Removable storage drive 114 reads from and/or writes to a removable storage unit 116 in a manner that is understood by one skilled in the art.
  • Removable storage unit 116 represents a magnetic tape, optical disk, or the like, which may be read by and written to by removable storage drive 114 .
  • the removable storage unit 116 may include a tangible machine readable storage medium having stored therein computer software and/or data.
  • secondary memory 110 may include other devices for allowing computer programs or other instructions to be loaded into mobile financial transaction instrument 100 .
  • Such devices may include, for example, a removable storage unit 118 and a corresponding interface 120 .
  • Examples of such units 118 interfaces 120 may include a removable memory chip (such as an erasable programmable read only memory (“EPROM”)) programmable read only memory (“PROM”)), secure digital (“SD”) card and associated socket, and other removable storage units 118 and interfaces 120 , which allow software and data to be transferred from the removable storage unit 118 to mobile financial transaction instrument 100 .
  • EPROM erasable programmable read only memory
  • PROM programmable read only memory
  • SD secure digital
  • Mobile financial transaction instrument 100 may also include a speaker 122 , a camera 124 , a microphone 126 , and an input device 128 .
  • input device 128 include, but are not limited to, a keyboard, buttons, a trackball, or any other interface or device through a user may input data.
  • input device 128 and display 106 are integrated into the same device.
  • display 106 and input device 128 may be touch screen through which a user uses a finger, pen, or stylus to input data into mobile financial transaction instrument 100 .
  • Mobile financial transaction instrument 100 also include one or more communication interfaces 130 , which allows software and data to be transferred between mobile financial transaction instrument 100 and external devices such as, for example, a point-of-sale (“POS”) device, an automated teller machine (“ATM”), a computer, and other devices that may be locally or remotely connected to mobile financial transaction instrument 100 .
  • Examples of the one or more communication interfaces 130 may include, but are not limited to, a modem, a network interface (such as an Ethernet card or wireless card), a communications port, a Personal Computer Memory Card International Association (“PCMCIA”) slot and card, one or more Personal Component Interconnect (“PCI”) Express slot and cards, or any combination thereof.
  • the one or more communication interfaces 130 may also include a wireless interface configured for short range communication, such as near field communication (“NFC”), Bluetooth, or other interface for communication via another wireless communication protocol.
  • NFC near field communication
  • Bluetooth or other interface for communication via another wireless communication protocol.
  • Software and data transferred via the one or more communications interfaces 130 are in the form of signals, which may be electronic, electromagnetic, optical, or other signals capable of being received by communications interfaces 130 . These signals are provided to communications interface 130 via a communications path or channel.
  • the channel may be implemented using wire or cable, fiber optics, a telephone line, a cellular link, a radio frequency (“RF”) link, or other communication channels.
  • RF radio frequency
  • non-transient computer program medium and “non-transient computer readable medium” refer to media such as removable storage units 116 , 118 , or a hard disk installed in hard disk drive 112 .
  • These computer program products provide software to mobile financial transaction instrument 100 .
  • Computer programs (also referred to as “computer control logic”) may be stored in main memory 108 and/or secondary memory 110 . Computer programs may also be received via the one or more communications interfaces 130 . Such computer programs, when executed by a processor(s) 102 , enable the mobile financial transaction instrument 100 to perform the features of the method discussed herein.
  • the software may be stored in a computer program product and loaded into mobile financial transaction instrument 100 using removable storage drive 114 , hard drive 112 , and/or communications interface 130 .
  • the software when executed by a processor(s) 102 , causes the processor(s) 102 to perform the functions of the method described herein.
  • the method is implemented primarily in hardware using, for example, hardware components such as application specific integrated circuits (“ASICs”). Implementation of the hardware state machine so as to perform the functions described herein will be understood by persons skilled in the art.
  • the method is implemented using a combination of both hardware and software.
  • computers 34 and 54 , server 36 , POS devices 62 , and ATM 70 may have a similar architecture to the mobile financial transaction instruments 100 illustrated in FIG. 2 .
  • the computing devices may include one or more processors 102 , a communication infrastructure 104 , a display 106 , main and/or secondary memories 108 , 110 , a speaker 122 , a camera 124 , a microphone 126 , an input device 128 , and one or more communication interfaces 130 .
  • one or more of the computing devices may have a different architecture than the mobile financial transaction instrument 100 illustrated in FIG. 2 .
  • one or more of the computing devices may include each of the functional components illustrated in FIG. 2 except for speaker 122 , camera 124 , and/or microphone 126 .
  • a user may gain access to financial institution 20 by using a device 34 , 54 , 100 programmed with a Web browser or other software, to locate and select (such as by clicking with a mouse) a particular webpage.
  • the content of the webpage is located on the one or more data storage devices 26 .
  • Devices 34 , 54 may be microprocessor-based computers that can communicate through the Internet using the Internet Protocol (IP), Kiosks with Internet access, connected personal digital assistants or PDAs (e.g., a PALM device manufactured by Palm, Inc., IPAQ device available from Compaq, iPhone from Apple or Blackberry from Research In Motion), or other devices capable of interactive network communications, such as an electronic personal planner.
  • IP Internet Protocol
  • PDAs personal digital assistants
  • FI 20 may provide separate features and functionality for front-end users, such as customers and non-customers, and back-end users that manage the FI 20 .
  • FIGS. 3A-3D illustrate one example of an active authentication (“AA”) method.
  • AA active authentication
  • FIG. 3A which is a flow chart of a financial transaction using an improved AA method
  • the financial transaction begins with a user logging onto the website of a FI 20 .
  • the user may access the website using mobile financial transaction instrument 100 or a computer 54 .
  • the user may access a website of the FI 20 via an application that has been downloaded and installed on mobile financial transaction instrument 100 .
  • Mobile financial transaction instrument 100 or computer 54 establishes a connection with server 36 on which the FI's website resides using HTTP secure (“HTTPS”) or other encrypted communication protocol.
  • HTTPS HTTP secure
  • the FI's website may authenticate the user based on data received from mobile financial transaction instrument 100 or computers 34 , 54 .
  • data may include a customer number or user name and password that the user inputs into a GUI 28 displayed on display 106 using an input device 128 as will be understood by those skilled in the art.
  • a message is transmitted via HTTPS or other encryption communication protocol to mobile financial transaction instrument 100 or computer 54 .
  • the message may be displayed in a GUI 28 that on display 106 of input device 128 or computer 54 that provides a user with one or more editable fields or input buttons.
  • the GUI displayed to the user may enable the user to identify various parameters concerning an upcoming financial transaction.
  • Examples of such data that a user may enter may include, but not be limited to, a name of a merchant, a type of merchant (e.g., a clothing store, a food store, a gas station, movie theater, etc.), a location of the merchant, a period of time during which the transaction is to be executed (e.g., next ten minutes, next two hours, next five days, etc.), a type of transaction (e.g., credit, debit, etc.), and a maximum authorized amount, to name a few potential parameters.
  • a name of a merchant e.g., a clothing store, a food store, a gas station, movie theater, etc.
  • a location of the merchant e.g., a period of time during which the transaction is to be executed (e.g., next ten minutes, next two hours, next five days, etc.)
  • a type of transaction e.g., credit, debit, etc.
  • a maximum authorized amount e.g., to name a
  • FI 20 receives the parameters of the financial transaction from the mobile financial transaction instrument 100 or computer 54 and prepares an AA transaction key that is unique for the transaction and is valid for a limited period of time.
  • the transaction key is configured such that the key is compatible with existing financial transaction systems.
  • the single-use AA transaction keys may include 16-20 individual value positions in which the first several (e.g., 2, 3, etc.) positions identify the financial institution that issued the transaction key and the remaining characters identify the transaction.
  • the AA transaction key may include fewer or more values.
  • the AA transaction keys may be alpha numeric such that the transaction key is distinguishable from legacy credit card numbers that only utilize numbers.
  • Such AA transaction keys that are generated on a per-transaction basis, are valid for a limited amount of time, and do not include static identifiers that identify an account of a user (e.g., a static credit card number) provide enhanced security compared to conventional card verification values (“CVV”) and card verification codes (“CVC”).
  • CVV and CVC are pseudorandom numbers that provide additional layers of security on top of the existing credit card infrastructure and cannot be used to perform a financial transaction without being accompanied by a static credit card or account number.
  • the AA transaction key is a random alpha-numeric string that does not include any personal account information that may be misappropriated and used at a later time for a fraudulent transaction. Consequently, financial transactions performed using AA transaction keys do not need to be highly encrypted since the AA transaction keys have limited value and cannot be repeatedly used to perform unauthorized and/or fraudulent transactions.
  • a copy of the AA transaction key may be locally or remotely stored by FI 20 in a data storage unit 26 for later use as described below.
  • the manner in which a financial institution generates an AA transaction key may differ from the manner in which other financial institutions generate the AA transactions keys.
  • some financial institutions may generate AA transaction keys that have one or more portions include data that either identifies or is based on a user's account with the institution.
  • the one or more portions of the AA transaction key that identifies or is based on a user's account may be confidential with respect to the financial institution that generates the AA transaction, and the location of the user account information or user account-based data in the AA transaction key may vary from one financial institution to another.
  • some financial institutions may include the identification data after the prefix, some financial institutions may include the identification data at the end or in the middle of the alpha-numeric string, and some financial institutions may intersperse the identification data at certain locations throughout the alpha-numeric string.
  • FI 20 forwards a copy of the AA transaction key to mobile financial transaction instrument 100 or to computer 54 where it is stored in a computer readable storage medium such as main memory 108 or secondary memory 110 .
  • Mobile financial transaction instrument 100 or computer 54 transmits a message to FI 20 once the unique transaction key for the financial transaction has been stored by mobile financial transaction instrument 100 or computer 54 at which point the financial transaction is pending.
  • POS device 62 may be a terminal configured to perform contactless transactions by sending and receiving data using NFC, Bluetooth, or through other wireless communication protocols.
  • items selected from the shelves of a merchant are scanned by the user or an employee of the merchant.
  • a user places mobile financial transaction instrument 100 near POS device 62 , which transfers the stored unique financial transaction key from mobile financial transaction instrument 100 to POS device 62 .
  • the user clicks a check-out or other button displayed on a GUI displayed on display 106 of computer 54 .
  • the GUI may present the user with the ability to select the method by which the user will pay for goods or services.
  • the user may select an active authentication option that causes the stored AA transaction key to be transmitted to merchant 60 .
  • Merchant 60 or POS device 62 transmits a message including the unique transaction key directly to FI 20 .
  • the message transmitted from merchant 60 or POS device 62 to FI 20 may also include data provided by merchant 60 or POS device 62 such as, for example, a total transaction amount, a merchant ID, or other merchant-specific or transaction specific data as will be understood by one skilled in the art.
  • the message from merchant 60 or POS device 62 may be transmitted to FI 20 using a closed network connection.
  • the routing of data from a merchant 60 to FI 20 may be implemented in a plurality of ways.
  • a new routing system (referred to herein as an “AA Registry”) is used by merchant 60 and POS device 62 in order to properly route the message including the unique transaction key to the appropriate financial institution.
  • the AA Registry is configured to identify a particular financial institution based on the first several values of the unique transaction key.
  • the AA Registry may include routing data including, but not limited to, IP addresses, routing numbers, and other data for routing messages between financial institutions 20 and merchants 60 .
  • the AA Registry may be a public registry operated by an entity that is trusted by both merchants and financial institutions.
  • the trusted entity may vet each entity that registers its data (e.g., company name or identification, IP address(es), etc.) with the AA Registry.
  • merchant banking data is also stored by the AA Registry. For example, an ABA routing number and account number of the merchant's financial institution may be registered with the AA Registry and used for merchant verification as described below.
  • a public registry may not be provided and the routing data may be locally stored at each merchant and financial institution.
  • a merchant that performs a large volume of financial transactions may exchange routing information in the form of a data table with one or more financial institutions. Regardless of the manner in which the routing data is acquired by the merchant 60 or POS device 62 , merchant 60 or POS device 62 directly routes the financial transaction message to FI 20 instead of routing the message through various layers of a complicated credit card network.
  • FI 20 receives the message from merchant 60 or POS device 62 and extracts the embedded data including the AA transaction key.
  • the embedded data and AA transaction key are used by FI 20 to approve or decline the transaction.
  • FI 20 may also validate merchant 60 with the AA Registry to provide enhanced security against fraud. For example, FI 20 may extract the merchant ID and IP address from which the authorization request message was received and transmit a message to AA Registry requesting confirmation that merchant 60 from which the authorization request message was received is listed in the registry and the merchant ID matches the IP address stored by the AA Registry for the merchant. If merchant 60 is not validated by the AA Registry, then FI 20 may decline the transaction and send a message to the mobile financial transaction instrument 100 of the user. If merchant 60 is validated by the AA Registry, then FI 20 may continue authorizing the transaction.
  • the extracted AA transaction key is used to retrieve the predetermined parameters for the financial transaction from one or more of data storage devices 26 .
  • FI 20 compares the other data included in the message received from merchant 60 or POS device 62 , e.g., total amount, merchant ID or information, etc., to the parameters associated with the unique transaction key and determines if the transaction should be validated. For example, if the amount in the message received from merchant 60 or POS device 62 exceeds the maximum transaction amount received from mobile financial transaction instrument 100 or computer 54 that is stored in data storage device 26 , then FI 20 may transmit a message to merchant 60 or POS device 62 identifying that the transaction has been declined.
  • FI 20 may authorize the transaction.
  • FI 20 may fund the transaction via an automated clearing house (“ACH”), account transfer, or other form of fund transfer from FI 20 to merchant 60 .
  • ACH automated clearing house
  • the financial transaction may include additional steps for providing enhanced security.
  • FI 20 may be configured to transmit a validation request to mobile financial transaction instrument 100 or computer 54 upon receiving the unique transaction key from merchant 60 or POS device 62 and verifying the transaction parameters.
  • Mobile financial transaction instrument 100 or computer 54 displays a message on display 106 requesting user to use input device 128 to approve or decline the transaction.
  • mobile financial transaction instrument 100 or computer 54 transmits the user's input to FI 20 .
  • FI 20 In response to verifying (or declining) the financial transaction either internally or by receiving the user's validation of the financial transaction, FI 20 transmits a message to merchant 60 or POS device 62 identifying if the transaction should be approved or declined. If the financial transaction is approved by FI 20 and/or the user of mobile financial transaction instrument 100 , then merchant 60 or POS device 62 executes and completes the financial transaction. FI 20 may also transmit a message to mobile financial transaction instrument 100 or computer 54 identifying that the transaction has been confirmed and completed.
  • FIG. 3B A flow chart of the a method 300 performed by mobile financial transaction instrument 100 during a financial transaction that utilizes active authentication are illustrated in FIG. 3B .
  • mobile financial transaction instrument 100 establishes a connection with a website provided by FI 20 at block 302 .
  • the connection may be established between mobile financial transaction instrument 100 and server 36 using HTTPS or another encrypted communication link.
  • a user may access a customer portal 28 of FI 20 where the user inputs a username or customer ID along with a password.
  • the access to the website may be provided through a browser on mobile financial transaction instrument 100 or through a mobile application that is downloaded and installed on mobile financial transaction instrument 100 .
  • mobile financial transaction instrument 100 receives the parameters of the financial transaction input by user using input device 128 .
  • the parameters of the financial transaction may include, but not be limited to, the type of transaction that is to be performed (i.e., credit, debit, or the like), a name and/or location of a merchant, and an authorized transaction amount.
  • Mobile financial transaction instrument 100 forwards the parameters of the financial transaction to FI 20 at block 306 .
  • mobile financial transaction instrument 100 receives a unique AA transaction key for the financial transaction, which is stored in a computer readable storage medium at block 310 .
  • mobile financial transaction instrument 100 may store the AA transaction key in main memory 108 or secondary memory 110 .
  • Mobile financial transaction instrument 100 transmits a message to FI 20 confirming receipt of the AA transaction key at block 312 .
  • mobile financial transaction instrument 100 transmits the stored financial transaction key to POS device 62 .
  • the transaction key may be wirelessly transmitted using NFC or other communication method.
  • mobile financial transaction instrument 100 may receive a message from FI 20 requesting the user to validate the financial transaction at block 316 , and in response, mobile financial transaction instrument 100 displays the message to a user on display 106 and receives a user input from input device 128 at block 318 .
  • mobile financial transaction instrument 100 transmits the data input by the user to FI 20 at block 320 .
  • Mobile financial transaction instrument 100 may receive a transaction receipt or message identifying that the transaction is complete from FI 20 and/or POS device 62 at block 322 .
  • FIG. 3C illustrates a method 320 performed by a computing device 34 , 36 of FI 20 during a financial transaction that utilizes active authentication.
  • a connection is established with a mobile financial transaction instrument 100 or computer 54 .
  • the connection with mobile financial transaction instrument 100 may be established using HTTPS or another encrypted communication link.
  • FI 20 authenticates the user by confirming that the username or customer number and password received from mobile financial transaction instrument 100 correspond to a user account with the FI 20 at block 324 .
  • FI 20 receives data defining a financial transaction from mobile financial transaction instrument 100 or computer 54 .
  • the data defining the financial transaction may include, but are not limited to, a name or type of a merchant at which the financial transaction is to be performed (e.g., a clothing store, a food store, a gas station, movie theater, etc.), a location of the merchant, a period of time during which the transaction is to be executed (e.g., next thirty minutes, next three hours, next week, etc.), a transaction type (e.g., credit, debit, etc.) and a maximum authorized transaction amount, to name a few potential parameters of the financial transaction.
  • a name or type of a merchant at which the financial transaction is to be performed e.g., a clothing store, a food store, a gas station, movie theater, etc.
  • a location of the merchant e.g., a location of the merchant
  • a period of time during which the transaction is to be executed e.g., next thirty minutes,
  • the single-use AA transaction key may be an alpha numeric string in which the first several digits may be used to identify the financial institution that generated the transaction key and the remainder of the transaction key may be a random string that does not include any personal account identification information related to the user.
  • the AA transaction key may be generated by a random number generator that appends the random alpha numeric string to a prefix that identifies the financial institution that generates the AA transaction key.
  • the manner in which a financial institution generates an AA transaction key may differ from the manner in which other financial institutions generate the AA transactions keys.
  • some financial institutions may generate AA transaction keys that have one or more portions include data that either identifies or is based on a user's account with the institution.
  • the one or more portions of the AA transaction key that identifies or is based on a user's account may be confidential with respect to the financial institution that generates the AA transaction, and the location of the user account information or user account-based data in the AA transaction key may vary from one financial institution to another.
  • some financial institutions may include the identification data after the prefix, some financial institutions may include the identification data at the end or in the middle of the alpha-numeric string, and some financial institutions may intersperse the identification data at certain locations throughout the alpha-numeric string.
  • the financial transaction key is stored in a computer readable storage medium, such as data storage devices 26 , along with the data received from mobile financial transaction instrument 100 that identify the parameters of the authorized financial transaction.
  • FI 20 transmits the AA transaction key to mobile financial transaction instrument 100 .
  • FI 20 receives and processes a request to validate a financial transaction from a POS device 62 at block 334 .
  • FI 20 extracts data from message and verifies the authenticity of the AA transaction key.
  • the authentication of the AA transaction key may include searching data storage devices 26 to ensure that the AA transaction key has been generated and stored.
  • FI 20 may also compare data in the message received from POS device 62 to data stored in data storage devices 26 that is associated with the AA transaction key and was received from mobile financial transaction instrument 100 .
  • FI 20 may check to ensure that the transaction amount received from POS device 62 is less than or equal to the authorized transaction amount received from mobile financial transaction instrument block 326 , may check that the POS device 62 from which the AA transaction key was received is associated with a merchant 60 that is of the type the user authorized at block 326 , or may check to confirm other data received from POS device 62 is in accordance with the user-approved parameters of the financial transaction.
  • FI 20 may also validate the identity and existence of merchant 60 to provide enhanced security against fraud. For example, FI 20 may extract the merchant ID and the IP address from which the authorization request message was received and transmit the extracted information to the AA Registry. FI 20 receives a response from the AA Registry confirming or denying the existence or identification of the merchant 60 from which the POS device 62 is associated. If the message received from the AA Registry identifies that the information received from POS device 62 of merchant 60 does not match information on file with the AA Registry (i.e., the information is fraudulent or the merchant does not exist), then FI 20 may terminate or decline the transaction. If the message received from the AA Registry identifies that the information received from POS device 62 of merchant 60 matches information on file with the AA Registry, then FI 20 may continue authorizing the transaction.
  • FI 20 transmits a validation request to mobile financial transaction instrument 100 that is based on the data received from POS device 62 at block 336 .
  • the validation request may include various parameters concerning the financial transaction that are to be displayed on display 106 of mobile financial transaction instrument 100 and requests the user to validate the transaction using mobile financial transaction instrument 100 .
  • FI 20 receives a message from payment 100 that identifies if the user approved or denied the transaction.
  • FI 20 determines if the transaction should be approved or denied at decision block 340 .
  • the decision to approve or decline the financial transaction may be based on the single-use AA transaction key received from POS device 54 , by comparing the data received from POS device 62 to the data received from mobile financial transaction instrument 100 , including the single-use AA transaction key, and/or by determining if merchant 60 is fraudulent.
  • FI 20 may also base the authorization decision on the user's response to the validation request received by FI 20 at block 338 .
  • FI 20 declines the transaction at block 342 and transmits a transaction declined message to POS device 62 and/or to mobile financial transaction instrument 100 at block 344 .
  • the transaction may be declined if the amount of the transaction exceeds the pre-approved transaction amount, if the single-use transaction key either does not exist or has expired, the user declines the transaction when prompted on the mobile financial transaction instrument 100 , or for other reasons such as FI 20 determining that merchant 60 is fraudulent or does not exist.
  • FI 20 approves the transaction at block 346 and transmits a transaction approved message to POS device 62 and/or to mobile financial transaction instrument 100 at block 348 .
  • FI 20 may approve the transaction based on the single-use transaction key, if the parameters of the transaction received from POS device 62 sufficiently match the pre-defined financial transaction parameters entered by the user, and/or if the response to the transaction authorization message received from mobile financial transaction instrument 100 identifies the transaction as being approved.
  • FIG. 3D illustrates a method 360 performed by POS device 62 during a financial transaction that utilizes active authentication.
  • Method 360 begins with POS device 62 receiving a single-use transaction key from mobile financial transaction instrument 100 .
  • the transaction key may be received from mobile financial transaction instrument 100 using NFC, Bluetooth, or another wireless transmission protocol.
  • POS device 62 generates data for the financial transaction for transmission to FI 20 . Examples of the financial transaction data may include, but are not limited to, a merchant ID, the total amount of the transaction, a location of the merchant, to list a few possibilities.
  • POS device 62 transmits a message to FI 20 at block 366 requesting approval of the financial transaction.
  • the message transmitted from POS device 62 may include the transaction key received from mobile financial transaction instrument 100 and financial transaction data generated by POS device 62 .
  • the message transmitted from POS device 62 to FI 20 may be transmitted over a closed network connection.
  • POS device 62 may obtain the IP address or other contact information for FI 20 by contacting the AA Registry. For example, PO device 62 may strip off the first several characters of the AA transaction key received from mobile financial transaction instrument 100 and send these characters to the AA Registry. POS device 62 may receive the IP address or other contact information for routing the AA transaction key to FI 20 from the AA Registry. In some embodiments, POS device 62 retrieves the IP address of the financial institution from a local non-transient computer readable storage medium in which the financial institution contact information is associated with the identifiers of the financial institution that are included in the AA transaction key.
  • POS device 62 receives a message from FI 20 identifying if the financial transaction has been approved or declined.
  • the message may be received from financial transaction over the same closed network connection over which POS device 62 transmitted the authorization request. If the message received from FI 20 identifies that the transaction has been declined, then POS device 20 cancels the financial transaction at block 370 .
  • Canceling the financial transaction may include displaying a message on a display that the transaction has been declined and/or transmitting a message to mobile financial transaction instrument 100 that causes a message to be displayed on display 106 that the transaction has been declined.
  • the financial transaction completed at block 372 Completing the financial transaction may include displaying a message on a display of POS device 62 that the transaction has been approved and/or transmitting a message to mobile financial transaction instrument 100 that causes a message to be displayed on display 106 that the transaction has been approved.
  • FIGS. 4A and 4B illustrate the transmission of data between a transferor (person transferring funds), a financial institution, a transferee (person receiving funds), and an ATM.
  • a fund transfer transaction begins with the transferor logging into a website of FI 20 .
  • the transferor may log onto the website using a computer 54 or by using a mobile application or web browser installed on a mobile financial transaction instrument 100 .
  • Mobile financial transaction instrument 100 or computer 54 establishes a connection with server 36 on which the FI's website resides using HTTPS or other encrypted communication protocol, and the financial institution's website may authenticate the user based on data received from mobile financial transaction instrument 100 or computers 34 , 54 .
  • data may include a customer number or user name and password that the user inputs into a GUI 28 displayed on display 106 using an input device 128 as will be understood by those skilled in the art.
  • a message is transmitted via HTTPS or other encryption communication protocol to mobile financial transaction instrument 100 or computer 54 .
  • the message may be displayed in a GUI 28 that is displayed on display 106 of mobile financial transaction instrument 100 or computer 54 that provides a user with one or more editable fields or input buttons.
  • the GUI displayed to the user may enable the user to identify various parameters concerning an upcoming fund transfer transaction.
  • Examples of such data that a user may enter may include, but not be limited to, the amount of the fund transfer, an account from which the funds are to be transferred, a phone number or other unique identifier (e.g., an international mobile subscriber identity (“IMSI”), an electronic serial number (“ESN”), or a media access control (“MAC”) address) of the mobile financial transaction instrument of the transferee, and a time period during which the fund transfer may be performed, to name a few possible data entries.
  • IMSI international mobile subscriber identity
  • ESN electronic serial number
  • MAC media access control
  • FI 20 may generate a GUI that displays the parameters of the fund transfer transaction and requests the transferor to confirm the transaction.
  • FI 20 Upon receiving a confirmation of the transaction, which may be received by FI 20 in response to the transferor using an input device 128 of mobile financial transaction instrument 100 or computer 54 , FI 20 prepares a unique AA transaction key and a PIN for the wiring transaction.
  • the AA transaction key may be an alpha numeric string in which the first several digits may be used to identify the financial institution that generated the AA transaction key and the remainder of the AA transaction key may be a random string that does not include any personal account or otherwise static identification information related to the user.
  • the AA transaction key is generated by a random number generator that appends the random alpha numeric string to a prefix that identifies the financial institution that generates the AA transaction key.
  • the manner in which a financial institution generates an AA transaction key may differ from the manner in which other financial institutions generate the AA transactions keys.
  • some financial institutions may generate AA transaction keys that have one or more portions include data that either identifies or is based on a user's account with the institution.
  • a copy of the unique AA transaction key and PIN may be locally or remotely stored by FI 20 in a data storage unit 26 for later use as described below. Additionally, FI 20 may transfer funds from the transferor's bank account to a wash or other holding account and transmit the PIN to mobile financial transaction instrument 100 of the transferee. The PIN may be transmitted to the transferee's mobile financial transaction instrument 100 via short message service (“SMS”), email, voice mail, or via any other messaging manner as will be understood by one skilled in the art.
  • SMS short message service
  • transferee logs onto a website of FI 20 using the transferee's mobile financial transaction instrument 100 .
  • transferee downloads and installs a mobile application onto the transferee's mobile financial transaction instrument 100 .
  • the transferee does not need to have an account or be otherwise associated with FI 20 .
  • the mobile application establishes a connection with server 36 of FI 20 using HTTPS or other encrypted communication protocol.
  • the transferee may enter the PIN into GUI 30 displayed on display 106 of the transferee's mobile financial transaction instrument 100 .
  • FI 20 validates the PIN received from mobile financial transaction instrument 100 and retrieves the parameters of the wiring transaction from data storage device 26 .
  • the details of the wiring transaction may be presented to the transferee on a GUI 30 displayed on display 106 of mobile financial transaction instrument 100 .
  • the transferee may accept the funds by using input device 128 to indicate his/her acceptance of the fund transfer on GUI 30 .
  • FI 20 retrieves the single-use AA transaction key from data storage devices 26 in response to the transferee's input accepting the fund transfer.
  • the AA transaction key is transmitted from FI 20 to the mobile financial transaction instrument 100 of the transferee.
  • the AA transaction key is stored in a computer readable storage medium, such as main memory 108 and/or secondary memory 110 , on mobile financial transaction instrument 100 .
  • the transferee approaches an ATM 70 that is equipped with a wireless transmission module for transferring and receiving data from mobile financial transaction instrument 100 .
  • wireless transmission modules include, but are not limited to, modules that enable ATM 70 to transmit and receive data via NFC, Bluetooth, or through other wireless communication protocols.
  • the transferee initiates a withdrawal of funds from ATM 70 by placing mobile financial transaction instrument 100 near ATM 70 such that the AA transaction key is transmitted to ATM 70 .
  • ATM 70 generates a second PIN in response to receiving the AA transaction key from mobile financial transaction instrument 100 .
  • the PIN and AA transaction key are transmitted from ATM 70 to FI 20 in a request to authorize the disbursement of funds.
  • ATM 70 may query the AA Registry using the first several characters of the AA transaction key to acquire the contact information for FI 20 , or ATM 70 may be able to determine the contact information for FI 20 based on a locally stored database in which the first several characters of the AA transaction key are associated with the contact information for the financial institution.
  • FI 20 determines if the funds should be disbursed by ATM 70 based on the AA transaction key embedded within the authorization request message received from ATM 70 , which may be received through a closed network connection. If the transaction key is validated, FI 20 transmits a message authorizing the disbursement of funds to ATM 70 via the closed network connection and transmits the second PIN to the mobile financial transaction instrument 100 of the transferee.
  • the second PIN may be received at mobile financial transaction instrument 100 and be automatically transferred to ATM 70 via a wireless communication channel.
  • the second PIN may be received at mobile financial transaction instrument 100 , which notifies the transferee in response.
  • Such notification may include flashing an LED of mobile financial transaction instrument 100 , displaying a message on display 106 , and/or causing mobile financial transaction instrument 100 to vibrate or emit a noise, to list a few potential notification possibilities.
  • the transferee may input the second PIN directly into ATM 70 using an input device of ATM 70 .
  • ATM 70 receives the second PIN from mobile financial transaction instrument 100 and verifies that the PIN matches the PIN that was transmitted to FI 20 . If ATM 70 confirms that the PIN received from mobile financial transaction instrument 100 matches the PIN transmitted to FI 20 , then ATM 70 releases the funds to transferee.
  • FIG. 4C is illustrates one example of a method 400 that may be performed by a mobile financial transaction instrument 100 or computer 54 accessed by a transferor during a fund transfer transaction such as the one illustrated in FIGS. 4A and 4B .
  • mobile financial transaction instrument 100 or computer 54 establishes a connection with a website provided by FI 20 .
  • the connection may be established between computer 54 or mobile financial transaction instrument 100 and server 36 using HTTPS or other encrypted communication link.
  • the transferor may access a customer portal 28 of FI 20 where the transferor inputs a username or customer ID along with a password.
  • the access to the website may be provided through a browser on computer 54 or mobile financial transaction instrument 100 or through a mobile application that is downloaded and installed on mobile financial transaction instrument 100 .
  • the transferor may enter parameters of the fund transfer into GUI 28 of the website provided by FI 20 , which are transferred to FI 20 at block 404 .
  • the parameters include, but are not limited to, the amount of funds to be transferred, the account from which the funds are to be sourced, and a period of time during which the funds transfer is to be performed, to list only a few possible parameters.
  • the transferor may also provide a phone number or other identification number of the transferee's mobile financial transaction instrument 100 at block 404 . In some embodiments, an email address of the transferee in addition to, or instead of, the phone number of the transferee's mobile financial transaction instrument 100 may be provided.
  • financial transaction device 100 or computer 54 may receive a request from FI 20 requesting the transferee to confirm and authorize the fund transfer at block 406 .
  • computer 54 or mobile financial transaction instrument 100 may display a message or GUI 28 on display 106 requesting the transferor to use input device 128 to confirm and authorize the transaction.
  • Transferor may use input device 128 to confirm and authorize the transaction in response to the prompt displayed on display 106 , which is then transferred from computer 54 or mobile financial transaction instrument 100 to FI 20 at block 408 .
  • FIG. 4D illustrates a method 420 performed by FI 20 during a funds transfer transaction such as the funds transfer transaction illustrated in FIGS. 4A and 4B .
  • FI 20 establishes a connection with mobile financial transaction instrument 100 or computer 54 at block 422 .
  • the connection may be established between FI 20 and computer 54 or mobile financial transaction instrument 100 using HTTPS or other encrypted communication link.
  • FI 20 authenticates the credentials of the transferor received from computer 54 or mobile financial transaction instrument 100 .
  • Authenticating the transferor's login information may include comparing the username or customer ID and password to a database stored in data storage devices 26 that includes each of a plurality of customer usernames or identification numbers associated with a password.
  • FI 20 receives a request for transferring funds to a third party at block 426 .
  • the request may include various parameters defining the transaction such as, for example, the amount of funds to be transferred, the account from which the funds are to be withdrawn, and an amount of time during which the funds may be transferred.
  • FI 20 may also receive a phone number or other identification number, such as a MAC address, IMSI or ESN, of the transferee's mobile financial transaction instrument 100 at block 404 .
  • FI 20 may receive an email address of the transferee in addition to, or instead of, the phone number of the transferee's mobile financial transaction instrument 100 .
  • FI 20 prepares the funds transaction. For example, FI 20 may check to ensure that the amount of funds to be transferred is less than the total amount of funds available for withdrawal in the account identified by transferor, store the parameters of the transaction in a computer readable storage medium, and cause a transaction confirmation GUI to be displayed to transferor. FI 20 receives an authorization for the transaction from computer 54 or mobile financial transaction instrument 100 being used by transferor at block 430 .
  • FI 20 generates a one-time AA transaction key and a PIN, which are stored in one or more data storage device 26 .
  • the AA transaction key can be a random alpha numeric string that is appended to a prefix that identifies the financial institution that generated the transaction key.
  • the random portion of the AA transaction key may be generated by a random number generator.
  • the AA transaction key does not include static user account information that may be stolen by a third party and used to gain access to the user's funds.
  • some financial institutions may generate AA transaction keys that have one or more portions include data that either identifies or is based on a user's account with the institution.
  • the one or more portions of the AA transaction key that identifies or is based on a user's account may be confidential with respect to the financial institution that generates the AA transaction, and the location of the user account information or user account-based data in the AA transaction key may vary from one financial institution to another.
  • some financial institutions may include the identification data after the prefix, some financial institutions may include the identification data at the end or in the middle of the alpha-numeric string, and some financial institutions may intersperse the identification data at certain locations throughout the alpha-numeric string.
  • FI 20 transmits the PIN to transferee's mobile financial transaction instrument 100 at block 434 .
  • the PIN is transmitted to via SMS messaging, although one skilled in the art will understand that the PIN may be transmitted via email, telephonically, or via any other messaging manner.
  • FI 20 transfers the funds that are to be transferred to a third party from the transferor's account to a wash account or other temporary holding account for later disbursement.
  • a connection is established with the transferee's mobile financial transaction instrument 100 - 1 at block 438 .
  • the connection may be established using HTTPS or another encrypted communication protocol through which the transferee gains access to a GUI 30 provided by FI 20 .
  • FI 20 validates the PIN received from mobile financial transaction instrument 100 of the transferee and uses the PIN to retrieve data for the fund transfer transaction from one or more of the data storage device 26 .
  • GUI 30 provided by FI 20 requests transferee to confirm the funds transfer at block 442 . If transferee accepts the funds, then at block 444 FI 20 transfers the at least partially random AA transaction key to mobile financial transaction instrument 100 of the transferee.
  • FI 20 receives an authorization request from ATM 70 .
  • the authorization request may be received at FI 20 from ATM 70 via a closed network connection and includes the AA transaction key and a second PIN generated by ATM 70 .
  • FI 20 confirms that the AA transaction key matches a copy of the AA transaction key stored in data storage device 26 and checks to ensure that the authorized time for the funds transfer as identified by the transferor has not lapsed.
  • FI 20 transmits an authorization message to ATM 70 via the closed connection at block 450 and transmits the second PIN received from ATM 70 to the mobile financial transaction instrument 100 of the transferee at block 452 .
  • FIG. 4E illustrates a method 460 performed by an ATM 70 during a funds transfer transaction such as the funds transfer transaction illustrated in FIGS. 4A and 4B .
  • ATM 70 receives an AA transaction key from the mobile financial transaction instrument 100 of transferee at block 462 .
  • the AA transaction key is received from the transferee's mobile financial transaction instrument 100 via a wireless transmission protocol such as NFC, Bluetooth, or the like.
  • ATM 70 generates a PIN in response to receiving the transaction key from mobile financial transaction instrument 100 .
  • the PIN may be a multi-digit number generated by a random number generator as will be understood by one skilled in the art. If the PIN is to be keyed into the ATM 70 , then the PIN is numeric such that it may be used with conventional ATMs. However, if ATMs are capable of receiving alpha numeric codes via keypads or if the PIN is to be entered on the mobile financial transaction instrument 100 and then transferred to the ATM, then the PIN may be alpha numeric.
  • ATM 70 transmits a validation request to financial institution 20 at block 466 .
  • the validation request message is transmitted via a closed network connection and includes the ATM-generated PIN.
  • the validation request message may also include a copy of the AA transaction key received from mobile financial transaction instrument 100 .
  • ATM 70 may query the AA Registry for the contact information of FI 20 based on the AA transaction key. For example, ATM 70 may forward the first several characters of the AA transaction key to the AA Registry, which then uses the received characters to identify the financial institution that generated the AA transaction key and the contact information (e.g., IP address) for the financial institution. In some embodiments, ATM 70 may have the appropriate contact information for the financial transaction locally stored in a non-volatile computer readable storage medium.
  • ATM 70 receives a message from FI 20 authorizing the disbursement of funds at block 468 .
  • the message received from FI 20 authorizing the disbursement may be received over the same closed network connection between ATM 70 and FI 20 that was used to transmit the authorization request from ATM 70 to FI 20 .
  • ATM 70 receives the ATM-generated PIN.
  • the ATM-generated PIN is received from mobile financial transaction instrument 100 via NFC, Bluetooth, or in accordance with another wireless connection protocol.
  • ATM 70 receives the ATM-generated PIN by the transferee entering the PIN using an input device 128 of the ATM in response to being prompted by ATM 70 .
  • ATM 70 may display a message on display 106 of ATM 70 requesting the transferee to enter the ATM-generated PIN using input device 128 of ATM 70 .
  • ATM 70 determines if the PIN received from transferee matches the ATM-generated PIN that ATM 70 transmitted to FI 20 . If the received PIN does not match the ATM generated PIN, which may be stored in a computer readable storage medium, such as main memory 108 and/or secondary memory 110 , then ATM 70 declines the transaction at block 474 .
  • ATM 70 may display a message on display 106 that the transaction has been declined when declining the transaction.
  • ATM 70 transmits a message to FI 20 identifying that the transaction was declined and the funds were not disbursed due to the PIN received by ATM 70 not matching the stored ATM-generated PIN.
  • ATM 70 determines that the received PIN matches the stored version of the ATM-generated PIN at decision block 472 , then ATM 70 approves the transaction at block 478 . At block 480 , ATM 70 disburses the funds to the transferee to complete the fund transfer.
  • mobile financial transaction instrument 100 may also be used to perform near-instant transactions at an ATM.
  • a user logs into a website of FI 20 using a computer 34 , 54 , a mobile financial transaction instrument 100 , or any other device programmed with a Web browser or other software to locate and select (such as by clicking with a mouse) a particular webpage.
  • the user may access a website of the FI 20 via a mobile application that has been downloaded and installed on mobile financial transaction instrument 100 .
  • Mobile financial transaction instrument 100 or computer 54 establishes a connection with server 36 on which the FI's website resides using HTTPS or other encrypted communication protocol.
  • the FI's website authenticates the user based on data received from mobile financial transaction instrument 100 or computers 34 , 54 .
  • data may include a customer number or user name and password that the user inputs into a GUI 28 displayed on display 106 using an input device 128 as will be understood by those skilled in the art.
  • a message is transmitted via HTTPS or other encryption communication protocol to mobile financial transaction instrument 100 or computer 34 , 54 .
  • the message may be displayed in a GUI 28 that on display 106 of input device 128 or computer 54 that provides a user with one or more editable fields or input buttons.
  • the GUI displayed to the user may enable the user to identify various parameters concerning an upcoming financial transaction that is to take place at an ATM 70 .
  • Examples of such data that a user may enter may include, but not be limited to, the type of transaction (e.g., a withdrawal, a deposit, and/or a fund transfer), a location of the ATM, a period of time during which the ATM transaction is to be executed (e.g., next twenty minutes, next four hours, the next day, etc.), an account of the user from which funds are to be withdrawn or into which they are to be deposited, and an amount of the transaction, to name a few potential parameters.
  • the type of transaction e.g., a withdrawal, a deposit, and/or a fund transfer
  • a location of the ATM e.g., a location of the ATM
  • a period of time during which the ATM transaction is to be executed e.g., next twenty minutes, next four hours, the next day, etc.
  • an account of the user from which funds are to be withdrawn or into which they are to be deposited e.g., a debit, a deposit, and/or a fund transfer
  • the data entered by the user is transmitted to FI 20 .
  • FI 20 receives the parameters of the ATM transaction from the mobile financial transaction instrument 100 or computer 34 , 54 and prepares a unique AA transaction key for the transaction.
  • the single-use AA transaction key may be an alpha numeric string in which the first several digits may be used to identify the financial institution that generated the transaction key and the remainder of the transaction key may be a random string that does not include any personal account identification information.
  • some financial institutions may generate AA transaction keys that have one or more portions include data that either identifies or is based on a user's account with the institution.
  • some financial institutions may include the identification data after the prefix, some financial institutions may include the identification data at the end or in the middle of the alpha-numeric string, and some financial institutions may intersperse the identification data at certain locations throughout the alpha-numeric string.
  • a copy of the unique transaction key may be locally or remotely stored by FI 20 in a data storage unit 26 for later use as described below.
  • FI 20 forwards a copy of the AA transaction key to mobile financial transaction instrument 100 where it is stored in a computer readable storage medium, such as main memory 108 and/or secondary memory 110 .
  • the unique AA transaction key is transmitted to mobile financial transaction instrument 100 associated with the user's account at the FI 20 even if the user sets up the financial transaction from computer 34 , 54 .
  • Mobile financial transaction instrument 100 transmits a message to FI 20 once the unique AA transaction key for the ATM transaction has been stored by mobile financial transaction instrument 100 at which point the ATM transaction is pending.
  • FI 20 may move funds the user has identified for withdrawal or transfer from the account identified by the user to a holding account where the funds remain until the transaction is completed.
  • a user approaches an ATM 70 that is configured to perform contactless transactions by sending and receiving data using NFC, Bluetooth, or through other wireless communication protocols.
  • the user places mobile financial transaction instrument 100 near ATM 70 , which transfers the stored single-use AA transaction key from mobile financial transaction instrument 100 to ATM 70 .
  • ATM 70 receives the AA transaction key from mobile financial transaction instrument 100 and extracts the first several characters of the AA transaction key that are used to identify the financial institution that generated the AA transaction key.
  • the characters extracted from the AA transaction key are sent to the AA Registry to identify the financial institution to which the AA transaction key is to be routed.
  • the AA Registry uses the received characters to identify the financial institution that generated the AA transaction key and the contact information (e.g., IP address) for the financial institution.
  • ATM 70 may have the appropriate contact information for the financial transaction locally stored in a non-volatile computer readable storage medium and thus do not transfer and receive data with the AA Registry.
  • ATM 70 transmits a message including the AA transaction key received from mobile financial transaction instrument 100 to FI 20 via a closed network connection.
  • FI 20 receives the message from ATM 70 and validates the AA transaction key and the transaction. Validation of the AA transaction key may include extracting the AA transaction key from the message received from ATM 70 and comparing the received AA transaction key to the copy of the AA transaction key stored in data storage device 26 .
  • FI 20 may validate the transaction by checking to ensure that the ATM transaction is in accordance with the parameters defined by the user.
  • FI 20 may confirm that the transaction is being performed within the time frame authorized by the user and at a location that was authorized by the user, which may be determined by comparing data included in the message received from ATM 70 that was added by ATM 70 (e.g., an ATM identification number, time stamp, etc).
  • data included in the message received from ATM 70 that was added by ATM 70 e.g., an ATM identification number, time stamp, etc.
  • FI 20 transmits an authorization message to ATM 70 via the closed network connection through which FI 20 received the authorization request from ATM 70 .
  • ATM 70 executes the transaction for the user. For example, if the transaction is a withdrawal, then ATM 70 disburses the money to the user as will be understood by those skilled in the art.
  • the near-instant ATM transaction advantageously reduces the amount of time that a person needs to remain in front of an ATM thereby increasing the security and safety of performing ATM transactions.
  • FIG. 5B is a flow chart of the functions performed by mobile financial transaction instrument 100 during the improved ATM transaction illustrated in FIG. 5A .
  • mobile financial transaction instrument 100 establishes a connection with a website provided by FI 20 .
  • the connection may be established between mobile financial transaction instrument 100 and server 36 of FI 20 using HTTPS or another encrypted communication link.
  • a user may access a customer portal 28 of FI 20 where the user inputs a username or customer ID along with a password.
  • the access to the website may be provided through a browser on mobile financial transaction instrument 100 or through a mobile application that is downloaded and installed on mobile financial transaction instrument 100 .
  • Mobile financial transaction instrument 100 receives the parameters of the ATM transaction input by user using input device 128 at block 504 , which are forwarded from mobile financial transaction instrument 100 to FI 20 at block 506 .
  • mobile financial transaction instrument 100 receives an AA unique transaction key for the ATM transaction.
  • Mobile financial transaction instrument 100 stores the unique AA transaction key in a computer readable storage medium at block 510 .
  • mobile financial transaction instrument 100 may store the transaction key in main memory 108 and/or in secondary memory 110 .
  • Mobile financial transaction instrument 100 transmits a message to FI 20 confirming receipt of the transaction key at 512 .
  • mobile financial transaction instrument 100 transmits the stored AA transaction key to ATM 70 .
  • the transaction key may be wirelessly transmitted using NFC or other wireless communication method.
  • FIG. 5C is one example of a flow diagram of a method 520 performed by the financial institution.
  • a connection is established with a mobile financial transaction instrument 100 or computer 34 , 54 at block 522 .
  • the connection with mobile financial transaction instrument 100 or computer 34 , 54 may be established using HTTPS or another encrypted communication link.
  • FI 20 authenticates the user by confirming that the username or customer number and password received from mobile financial transaction instrument 100 or computer 34 , 54 correspond to a user account with the FI 20 .
  • FI 20 receives data defining an ATM transaction from mobile financial transaction instrument 100 or computer 34 , 54 at block 526 .
  • the data received from mobile financial transaction instrument 100 or computer 34 , 54 may include a location of the ATM that will be used for the transaction, the type of transaction that will be performed at the ATM (e.g., withdrawal, deposit, etc.), an amount of the transaction, and a user account that is to be involved in the transaction.
  • the data received from mobile financial transaction instrument 100 or computer 34 , 54 may include more or less data.
  • FI 20 prepares a single-use AA transaction key for use in the ATM transaction.
  • the single-use AA transaction key may be generated using a random string generator to create an alpha numeric string in which the first several digits may be used to identify the financial institution that generated the transaction key and the remainder of the transaction key may be a random string that does not include any personal account identification information.
  • some financial institutions may generate AA transaction keys that have one or more portions include data that either identifies or is based on a user's account with the institution.
  • some financial institutions may include the identification data after the prefix, some financial institutions may include the identification data at the end or in the middle of the alpha-numeric string, and some financial institutions may intersperse the identification data at certain locations throughout the alpha-numeric string.
  • the single-use AA transaction key is stored by FI 20 in a data storage unit 26 at block 530 for later use.
  • FI 20 may also store the parameters received from computer 34 , 54 or mobile financial transaction instrument 100 defining the ATM transaction in one or more of data storage units 26 such that the parameters are associated with the single-use AA transaction key and/or an account of the user.
  • FI 20 transmits a copy of the single-use AA transaction key to mobile financial transaction instrument 100 at block 532 .
  • the AA transaction key is transmitted to mobile financial transaction instrument 100 even if a user provides FI 20 with the parameters of the financial transaction using computer 34 , 54 since mobile financial transaction instrument 100 is used to carry out the financial transaction.
  • FI 20 transfers funds that are to be withdrawn to a wash account if the ATM transaction is a withdrawal.
  • FI 20 processes a validation request received from ATM 70 at block 536 .
  • the validation request includes a ATM-generated PIN and a copy of the AA transaction key, which is used by FI 20 to approve or decline the ATM transaction at block 538 .
  • FI 20 declines the transaction at block 540 and transmits a transaction declined message to mobile financial transaction instrument 100 and/or ATM 70 at block 542 .
  • FI 20 may decline the transaction if the AA transaction key is received after the expiration of the authorized time period for the ATM transaction as defined by the user.
  • FI 20 may compare a time stamp included in the authorization request message received from ATM 70 to a time value stored in a data storage device 26 to determine if the transaction is taking place within the authorized time period. FI 20 may transfer the user's funds from the temporary wash account to the account from which the funds were deducted in the event that the transaction is declined.
  • FI 20 determines the transaction should be approved at block 540 , then the transaction is approved at block 544 .
  • FI 20 transmits a transaction confirmation message to ATM 70 .
  • FI 20 transmits the ATM-generated PIN to mobile financial transaction instrument 100 at block 548 .
  • FIG. 5D illustrates one example of a method 560 performed by ATM 70 during an ATM transaction in accordance with FIG. 5A .
  • Method 560 begins with ATM 70 receiving a single-use transaction key from mobile financial transaction instrument 100 .
  • the transaction key may be received from mobile financial transaction instrument 100 using NFC, Bluetooth, or other wireless transmission protocol when the mobile financial transaction instrument 100 is positioned near ATM 70 .
  • the ATM 70 generates a PIN at block 564 .
  • the PIN may be generated by a random number generator as will be understood by one skilled in the art.
  • the PIN is a random number string of approximately four to ten digits.
  • the PIN may include fewer or more numbers.
  • ATM 70 may extract the first several characters of the AA transaction key that are used to identify the financial institution that generated the AA transaction key and forward the extracted characters to the AA Registry to identify the financial institution to which the AA transaction key is to be routed.
  • the AA Registry uses the received characters to identify the financial institution that generated the AA transaction key and the contact information (e.g., IP address) for the financial institution.
  • ATM 70 may have the appropriate contact information for the financial transaction locally stored in a non-volatile computer readable storage medium and thus do not transfer and receive data with the AA Registry.
  • ATM 70 transmits a validation request message to FI 20 over a closed network connection.
  • the validation request message includes the AA transaction key and the PIN generated by ATM 70 .
  • the validation request message may also include additional data added by ATM 70 including, but not limited to, a time stamp, an ATM identifier, or the like.
  • ATM 70 received a transaction authorization message from FI 20 and determines if the transaction has been authorized by FI 20 . If ATM 70 determines that the transaction has been declined by FI 20 , then ATM 70 declines the transaction at block 570 . For example, ATM 70 may display a message to the user on display 106 identifying that the transaction has been declined.
  • ATM 70 determines if it has received the ATM-generated PIN from the user or mobile financial transaction instrument 100 at decision block 572 .
  • a user may input a PIN using input device 128 , which is analyzed by ATM 70 to determine if the input PIN matches a stored copy of the ATM-generated PIN.
  • ATM 70 may received a PIN from mobile financial transaction instrument 100 via a wireless communication connection, such as NFC, and compare the received PIN to a stored copy of the ATM-generated PIN to determine if the PINs match.
  • ATM 70 declines the transaction at block 574 . Declining the transaction may include displaying a message to user on display 106 of ATM 70 or transmitting a message to mobile financial transaction instrument 100 via a wireless transmission protocol that causes a message to be displayed to the user on display 106 of mobile financial transaction instrument 100 .
  • ATM 70 may also transmit a message to FI 20 to notify FI 20 that the transaction has been declined by ATM 70 .
  • ATM 70 receives the ATM-generated PIN via input device 128 of ATM 70 or via a wireless communication connection with mobile financial transaction instrument 100 , then ATM 70 completes the ATM transaction at block 576 .
  • ATM 70 may dispense the funds to the user if the transaction is a withdrawal and may transmit a message to FI 20 identifying that the transaction has been completed.
  • the active authentication may also be used in connection with person-to-person (“P2P”) transaction, i.e., a transaction in which funds are transferred from one person's financial institution to the financial institution of another person.
  • P2P person-to-person
  • the financial institutions of the person sending the funds (“transferor”) is different from the financial institution of the person receiving the funds (“transferee”).
  • the transferor and the transferee may have accounts with the same financial institution.
  • FIGS. 6A and 6B illustrate the flow of data in a P2P transaction. Referring first to FIG. 6A , a transferor logs onto a website of a financial institution 20 - 1 at which the transferor has an account. The transferor may log onto the website of FI 20 - 1 using a browser on a computer 34 , 54 or a browser or mobile application installed on a mobile financial transaction instrument 100 - 1 .
  • Mobile financial transaction instrument 100 - 1 or computer 34 , 54 establishes a connection with server 36 on which the FI's website resides using HTTPS or other encrypted communication protocol, and the financial institution's website may authenticate the transferor based on data received from mobile financial transaction instrument 100 - 1 or computers 34 , 54 .
  • data may include a customer number or user name and password that the user inputs into a GUI 28 displayed on display 106 using an input device 128 as will be understood by those skilled in the art.
  • the transferor is provided with a GUI 28 in which the parameters of a P2P transaction may be defined by the transferor.
  • the GUI displayed to the transferor may enable the transferor to identify the amount of the transfer, an account from which the funds are to be transferred, a phone number or other unique identifier of the mobile financial transaction instrument of the transferee (e.g., a MAC address, an IMSI, or ESN), an email address of the transferee, and a time period during which the fund transfer may be performed, to name a few possible data entries.
  • the transferor's FI 20 - 1 prepares a fund transfer based on the data provided by the transferor.
  • the GUI 28 provided by FI 20 - 1 may request the transferor confirm the transaction by utilizing input device 128 of computer 34 , 54 or financial transaction input device 100 - 1 .
  • FI 20 - 1 moves the funds identified by the transferor as being transferred into a wash account in response to the transaction being confirmed by the transferor.
  • FI 20 - 1 also generates an AA transaction key and a PIN.
  • the AA transaction key may include a plurality of alpha-numeric characters in which the first several alpha-numeric characters identify the financial institution that prepared the AA transaction key and the remaining characters are randomly generated.
  • the AA transaction key may include one or more portions that either identifies or is based on a user's account with the institution as described above.
  • some financial institutions may include the identification data after the prefix, some financial institutions may include the identification data at the end or in the middle of the alpha-numeric string, and some financial institutions may intersperse the identification data at certain locations throughout the alpha-numeric string.
  • the AA transaction key and PIN are stored in a computer readable storage medium along with the parameters of the P2P transaction received from computer 34 , 54 or mobile financial transaction instrument 100 - 1 .
  • FI 20 - 1 transmits the PIN to the mobile financial transaction instrument 100 - 2 of the transferee.
  • the PIN is transmitted from FI 20 - 1 to mobile financial transaction instrument 100 - 2 via SMS, email, or another data transfer method.
  • FI 20 - 1 also transmits the single-use AA transaction key to the computer 34 , 54 or mobile financial transaction instrument 100 - 1 of the transferor.
  • the AA transaction key may be transmitted via the HTTPS or otherwise encrypted connection between FI 20 - 1 and computer 34 , 54 , or mobile financial transaction instrument 100 - 1 .
  • the transferor transmits the AA transaction key from computer 34 , 54 or mobile financial transaction instrument 100 - 1 to the mobile financial transaction instrument 100 - 2 of the transferee.
  • the AA transaction key is wirelessly transferred via NFC, Bluetooth, or other short range wireless protocol.
  • the transferor may transmit the AA transaction key via email, SMS message, or other data transfer method as will be understood by one skilled in the art.
  • the P2P transaction continues when the transferee forwards the PIN received from FI 20 of the transferor and the single-use transaction key received from the computer 34 , 54 or mobile financial transaction instrument 100 of the transferor to the transferee's financial institution as illustrated in FIG. 6B .
  • the PIN and AA transaction key may be transmitted to the financial institution of the transferee from the mobile financial transaction instrument 100 used by the transferee via an encrypted communication channel such as, for example, HTTPS or the like.
  • FI 20 - 2 may request routing information from the TA Registry.
  • the communication between FI 20 - 2 and TA Registry may be via an HTTPS or otherwise encrypted communication channel.
  • TA Registry provides FI 20 - 2 with the appropriate routing information based on the request received from FI 20 - 2 , which may include some or all of the characters of the AA transaction key.
  • FI 20 - 2 may have the routing information for the transferor's financial institution locally saved in a non-transient computer readable storage medium from which FI 20 - 2 may retrieve the routing information.
  • FI 20 - 2 receives/retrieves the routing information and transmits the single-use transaction key and PIN, which were stored in data storage devices 26 of FI 20 - 2 , to the transferor's financial institution 20 - 1 .
  • the transferor's financial institution 20 - 1 validates the single-use AA transaction key and PIN and releases the funds from the wash account.
  • the funds may be transferred from FI 20 - 1 to FI 20 - 2 via ACH, account transfer, or other method of fund transfer between financial institutions or within a financial institution as will be understood by one skilled in the art.
  • FIG. 6C illustrates one example of the functions performed by computer 34 , 54 or mobile financial transaction instrument 100 - 1 of the transferor during the P2P transaction illustrated in FIGS. 6A and 6B
  • computer 34 , 54 or mobile financial transaction instrument 100 - 1 establishes a connection with FI 20 - 1 using an encrypted communication protocol such as HTTPS at block 602 .
  • the transferor may access a customer portal 28 of the transferor's financial institution's website where the transferor inputs a username or customer ID along with a password.
  • the access to the website may be provided through a browser on computer 34 , 54 or a mobile financial transaction instrument 100 - 1 or through a mobile application that is downloaded and installed on mobile financial transaction instrument 100 - 1 .
  • the transferor may use input device 128 to gain access to the appropriate GUI provided by the FI 20 for setting up a financial transaction.
  • Mobile financial transaction instrument 100 - 1 or computer 34 , 54 receives the parameters of the P2P transaction input by the transferor using input device 128 at block 604 , which are forwarded from mobile financial transaction instrument 100 - 1 or computer 34 , 54 to the transferor's financial institution at block 606 .
  • mobile financial transaction instrument 100 - 1 or computer 34 , 54 receives a unique AA transaction key for the P2P transaction.
  • the unique AA transaction key may be stored in a non-transient computer readable storage medium by computer 34 , 54 or mobile financial transaction instrument 100 - 1 at block 610 for later transfer to the mobile financial transaction instrument 100 - 2 of the transferee at block 612 .
  • the AA transaction key may be transferred from computer 34 , 54 or mobile financial transaction instrument 100 - 1 via a wireless transfer, such as NFC or Bluetooth, or the transfer may be made using another transmission protocol as will be understood by one skilled in the art.
  • FIG. 6D One example of the functions performed by the transferor's financial institution during the P2P transaction illustrated in FIGS. 6A and 6B is shown in FIG. 6D .
  • a connection is established with the transferor's mobile financial transaction instrument 100 - 1 or computer 34 , 54 .
  • the connection with mobile financial transaction instrument 100 - 1 or computer 34 , 54 may be established using HTTPS or another encrypted communication link.
  • FI 20 - 1 authenticates the user by confirming that the username or customer number and password received from the transferor's mobile financial transaction instrument 100 - or computer 34 , 54 correspond to the transferor's account with the financial institution.
  • FI 20 - 1 receives data defining a P2P transaction from mobile financial transaction instrument 100 - 1 or computer 34 , 54 at block 626 .
  • the data received from mobile financial transaction instrument 100 - 1 or computer 34 , 54 may include an amount of the transaction, an account of the transferor that is to be involved in the transaction, and information concerning the transferee including, but not limited to, a phone number or other unique identifier of the mobile financial transaction instrument of the transferee (e.g., MAC address, IMSI, ESN, etc.), an email address of the transferee, and a time period during which the fund transfer may be performed.
  • a phone number or other unique identifier of the mobile financial transaction instrument of the transferee e.g., MAC address, IMSI, ESN, etc.
  • an email address of the transferee e.g., a time period during which the fund transfer may be performed.
  • the transferor's financial institution 20 - 1 prepares a unique, single-use AA transaction key and a PIN at block 628 .
  • the single-use AA transaction key may be a random alpha-numeric key including one or more values that identify the financial institution that prepared the key.
  • the AA transaction key may include one or more portions that either identifies or is based on a user's account with the institution as described above. For example, some financial institutions may include the identification data after the prefix, some financial institutions may include the identification data at the end or in the middle of the alpha-numeric string, and some financial institutions may intersperse the identification data at certain locations throughout the alpha-numeric string.
  • the PIN and AA transaction key are stored in one or more data storage devices 26 for later use.
  • the transferor's financial institution 20 - 1 may also store the parameters of the P2P transaction in one or more data storage devices 26 such that the P2P transaction parameters are associated with the PIN and AA transaction key.
  • the AA transaction key is transmitted to the computer 34 , 54 or mobile financial transaction instrument 100 - 1 of the transferor.
  • the single-use AA transaction key may be transmitted to computer 34 , 54 of mobile financial transaction instrument 100 - 1 via a secure internet connection using HTTPS or other encrypted communication channel.
  • the transferor's financial institution 20 - 1 transmits a PIN to the financial transaction device 100 - 2 of the transferee at block 634 .
  • the transferor's financial institution receives the AA transaction key and PIN number from the transferee's financial institution.
  • the AA transaction key and PIN may be received via an encrypted connection between the financial institutions.
  • the transferor's financial institution determines if the transaction should be approved at decision block 638 . Determining if the P2P transaction should be approved may include comparing the AA transaction key and PIN received from the transferee's financial institution to copies of the AA transaction key and PIN stored in one or more of the non-transient data storage devices 26 .
  • the transferor's financial institution 20 - 1 may transmit a transaction declined message to the transferee's financial institution 20 - 2 at block 642 .
  • the transferor's financial institution may also transfer the funds from the wash account back into the transferor's account from which the funds were originally deducted.
  • the transferor's financial institution 20 - 1 releases the funds from the wash account such that they may be deposited in the account of the transferee at the transferee's financial institution at block 646 .
  • the transferor's FI 20 - 1 sends a message to the financial institution of the transferee notifying FI 20 - 2 that the P2P transaction has been confirmed and the funds are available for transfer.
  • the transfer of funds may be performed using ACH, account transfer, or other form of fund transfer from the transferor's financial institution to the financial institution of the transferee, which may be the same financial institution or different financial institutions as described above.
  • the transferee logs onto a website of the transferee's financial institution 20 - 2 using a browser or mobile application installed on the transferee's mobile financial transaction instrument 100 - 2 .
  • the connection established between mobile financial transaction instrument 100 - 2 and FI 20 - 2 may be an encrypted connection using HTTPS or other encryption technique.
  • the mobile financial transaction instrument 100 - 2 receives an input from transferee at block 664 , which results in mobile financial transaction instrument 100 - 2 being placed in a receive mode. When placed in the receive mode, the mobile financial transaction instrument 100 monitors its wireless transmission interface for a message to be received via a wireless communication protocol such as NFC, Bluetooth, or the like.
  • mobile financial transaction instrument 100 - 2 receives the PIN from the transferor's FI 20 - 2 .
  • the PIN may be received via SMS, email, or by way of another messaging methodology.
  • Mobile financial transaction instrument 100 - 2 receives the single-use AA transaction key from the transferor's mobile financial transaction instrument 100 - 1 at block 668 .
  • the AA transaction key is received from the transferor's financial transaction key 100 - 1 via NFC, Bluetooth, or other wireless transmission protocol.
  • the AA transaction key and PIN may be temporarily stored in a non-transient computer readable storage medium, such as main memory 108 and/or secondary memory 110 , of mobile financial transaction instrument 100 - 2 at block 670 .
  • mobile financial transaction instrument 100 - 2 transmits the transaction key and PIN to the financial institution of the transferee.
  • the AA transaction key and PIN may be transmitted via a secure connection between mobile financial transaction instrument 100 - 2 and FI 20 - 2 .
  • the transaction key and PIN may be transmitted using HTTPS or other encrypted communication channel.
  • mobile financial transaction instrument 100 - 2 receives a message from the transferee's financial institution identifying if the fund transfer was successful.
  • the message received from transferee's FI 20 - 2 may be displayed to the transferee on display 106 of mobile financial transaction instrument 100 - 2 as will be understood by one skilled in the art.
  • FIG. 6F A flow chart demonstrating one example of the functions performed by the transferee's financial institution during a P2P transaction in accordance with the one illustrated in FIGS. 6A and 6B is provided in FIG. 6F .
  • a connection is established between transferee's FI 20 - 2 and the transferee's mobile financial transaction instrument 100 - 2 at block 682 when the transferee logs onto a website of the transferee's financial institution 20 - 2 using a browser or mobile application installed on the transferee's mobile financial transaction instrument 100 - 2 .
  • Data is exchanged between FI 20 - 2 and mobile financial transaction instrument 100 - 1 via an encrypted connection using HTTPS or other encryption technique.
  • an AA transaction key and PIN are received from the transferee's mobile financial transaction instrument 100 - 2 .
  • the AA transaction key and PIN are received over the encrypted connection between FI 20 - 2 and mobile financial transaction instrument 100 - 2 .
  • FI 20 - 2 extracts the AA transaction key and PIN from the message received from mobile financial transaction instrument 100 - 1 and uses at least some of the received AA transaction key to request routing information from the AA Registry or to retrieve routing information from a non-transient data storage device in order to transmit the transaction key and PIN to the transferor's FI 20 - 1 .
  • FI 20 - 2 may bifurcate the transaction key such that the first several characters are used for determining the routing information and the remainder of the transaction key is stored in a non-volatile computer readable storage medium.
  • the characters used for identifying the financial institution that issued the AA transaction key are transmitted to the AA Registry in a message requesting the appropriate routing information for routing the transaction key or is retrieved from the computer readable storage medium at block 686 .
  • the transferee's financial institution transmits the AA transaction key and PIN to the transferor's financial institution using the routing information received from the AA Registry or retrieved from the storage medium.
  • a message is received from the transferor's financial institution 20 - 1 identifying if the transaction has been approved or declined at block 690 .
  • the message received from the transferor's financial institution may be received via the same connection as the authorization request message transmitted to FI 20 - 1 at block 688 .
  • the transferee's financial institution transmits a message to the mobile financial transaction instrument 100 - 2 of the transferee indentifying if the transaction has been approved or declined at block 692 .
  • transferee's financial institution receives the funds from the transferor's financial institution at block 694 .
  • the funds may be received via ACH, account transfer, or other form of fund transfer from the transferor's financial institution to the financial institution of the transferee, which may be the same financial institution or different financial institutions as described above.
  • the disclosed systems and methods described herein advantageously enable financial transactions to be implemented using unique, single-use AA transaction keys that limit the risk of misappropriation and fraud since the transaction keys do not include static user account information. Consequently, the transmission of data during the financial transaction does not require high-level encryption as the transmitted messages of the transaction do not include personal account information that can be misappropriated and used at a later time for fraudulent transactions.
  • the transaction keys may be used at ATMs as well as for P2P and money wiring transactions.

Abstract

A financial transaction method includes receiving a request to perform a financial transaction at a financial institution, generating a single-use transaction key for the financial transaction, and storing at least a first portion of the transaction key in a storage medium. The transaction key is transmitted to a user that requested the financial transaction, and an authorization request including at least a second portion of the transaction key is received from a merchant. The second portion of the transaction key received from the merchant is compared to the first portion of the transaction key to determine if the transaction should be authorized. An authorization message is transmitted to the merchant if the second portion of the transaction key received from the merchant matches the first portion of the transaction key. The financial transaction is funded from an account of the user if the financial transaction is authorized.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS
This application claims priority to U.S. Patent Application Ser. No. 61/452,880, filed Mar. 15, 2011, the entirety of which is herein incorporated by reference.
FIELD
The disclosed systems and methods relate to financial transactions. More specifically, the disclosed systems and methods relate to financial transactions in which three entities are actively engaged in authenticating a transaction.
BACKGROUND
Conventional financial transactions utilize numbers that are assigned to cards or other payment devices (e.g., fobs), then to banks, and finally to a consumer. These numbers and their keys (card verification codes) are easily stolen and manipulated. The infrastructure supporting these financial transactions was developed and built on technology from half a century ago and has not substantially evolved.
Additionally, the financial transactions involving these number-based payment devices are linear transactions that only occur between two active participants: the merchant and the financial institution. For example, when a credit card is used to pay for merchandise, the merchant transmits the credit card information to the issuing bank, which approves or declines the transaction based on a status of the account of the party presenting credit card. However, a single transaction may pass through 3 or more systems for validation. Merchant processors, aggregators, card association systems, and other systems may process data along the way, but do not take part in the authorization of the transaction. Instead, these intermediaries merely add unneeded complexity, unnecessary cost, increased processing time, and an increase in risk for a given transaction.
SUMMARY
In some embodiments, a financial transaction method includes receiving a request to perform a financial transaction at a financial institution, generating a single-use transaction key for the financial transaction, and storing at least a first portion of the transaction key in a storage medium. The transaction key is transmitted to a user that requested the financial transaction, and an authorization request including at least a second portion of the transaction key is received from a merchant. The second portion of the transaction key received from the merchant is compared to the first portion of the transaction key to determine if the transaction should be authorized. An authorization message is transmitted to the merchant if the second portion of the transaction key received from the merchant matches the first portion of the transaction key. The financial transaction is funded from an account of the user if the financial transaction is authorized.
In some embodiments, a financial transaction system includes a non-transient computer readable storage medium, an engine for generating a substantially random alpha-numeric string, and a processor coupled to the non-transient computer readable storage medium and the engine. The processor is configured to cause the engine to generate a single-use transaction key in response to receiving a request to perform a financial transaction from a user having an account with a financial institution, cause at least a first portion of the single-use transaction key in store the single-use transaction key to be stored in the non-transient computer readable storage medium, and cause the single-use transaction key to be transmitted to the user. The processor is configured to determine if at least a second portion of the single-use transaction key received from a merchant matches the first portion of the single-use transaction key stored in the non-transient computer readable storage medium, and cause a message to be transmitted the merchant authorizing the financial transaction if the second portion of the single-use transaction key matches the first portion of the single-use transaction key.
In some embodiments, a non-transient machine readable storage medium is encoded with program code, wherein when the program code is executed by a processor, the processor performs a method. The method includes causing a single-use transaction key for a financial transaction to be generated in response to receiving a request to perform a financial transaction from a user having an account at a financial institution, causing the single-use transaction key to be transmitted to the user that requested the financial transaction, comparing a second portion of the single-use transaction key received from a merchant to a first portion of the single-use transaction key stored in the non-transient computer readable storage medium to determine if the transaction should be authorized, and causing a message to be transmitted the merchant authorizing the financial transaction if the second portion of the single-use transaction key matches the first portion of the single-use transaction key.
BRIEF DESCRIPTION OF THE DRAWINGS
These and other features and advantages of the present invention will be more fully disclosed in, or rendered obvious by the following detailed description of the preferred embodiments of the invention, which are to be considered together with the accompanying drawings wherein like numbers refer to like parts and further wherein:
FIG. 1 is a block diagram of one example of a network for performing financial transactions;
FIG. 2 is one example of an architecture of a mobile financial transaction instrument for performing financial transactions;
FIG. 3A is a flow chart of one example of a dynamic or active authentication method;
FIG. 3B is a flow chart of one example of a method performed by a mobile financial transaction instrument during a financial transaction utilizing active authentication;
FIG. 3C is a flow chart of one example of a method performed by a financial institution during a financial transaction utilizing active authentication;
FIG. 3D is a flow chart of one example of a method performed by a point-of-sale device of a merchant during a financial transaction utilizing active authentication;
FIGS. 4A and 4B illustrate are flow charts of one example of a method of wiring funds to a third party using active authentication;
FIG. 4C is a flow chart of one example of the functions performed by a computer or mobile financial transaction instrument used by a transferor during a fund transfer method in accordance with FIGS. 4A and 4B;
FIG. 4D is a flow chart of one example of the functions performed by a financial institution in accordance with the fund transfer method illustrated in FIGS. 4A and 4B;
FIG. 4E is a flow chart of one example of the functions performed by an ATM in accordance with the fund transfer method illustrated in FIGS. 4A and 4B;
FIG. 5A illustrates the flow of data in one example of an improved ATM transaction;
FIG. 5B is a flow chart of one example of the functions performed by a mobile financial transaction instrument in accordance with the ATM transaction illustrated in FIG. 5A;
FIG. 5C is a flow chart of one example of the functions performed by a financial institution in accordance with the ATM transaction illustrated in FIG. 5A; and
FIG. 5D is a flow chart of one example of the functions performed by an ATM in accordance with the ATM transaction illustrated in FIG. 5A.
FIGS. 6A and 6B are flow charts of one example of a method of performing a person-to-person transaction using active authentication;
FIG. 6C is a flow chart of one example of the functions performed by a transferor's mobile financial transaction instrument in accordance with the person-to-person transaction illustrated in FIGS. 6A and 6B;
FIG. 6D is a flow chart of one example of the functions performed by the transferor's financial institution during a person-to-person financial transaction in accordance with FIGS. 6A and 6B;
FIG. 6E is a flow chart of one example of the functions performed by a transferee's mobile financial transaction instrument in accordance with the person-to-person transaction illustrated in FIGS. 6A and 6B; and
FIG. 6F is a flow chart of one example of the functions performed by a transferee's financial institution in accordance with the person-to-person transaction illustrated in FIGS. 6A and 6B.
 DETAILED DESCRIPTION
The disclosed systems and methods for performing financial transactions provide enhanced security compared to conventional methods by effectively eliminating the need to assign credit/debit card numbers that are specific to a mobile financial transaction instrument and an individual. Additionally, the systems and methods for performing financial transactions enable non-numeric identifiers to be utilized in financial transactions such that banks and other financial entities are not confined to the ISO/IEC 7812 numbering scheme having limited account numbers per issuer identification numbers (“IIN”).
FIG. 1 illustrates one example of a plurality of mobile financial transaction instruments 100-1, 100-2 (collectively referred to as “mobile financial transaction instruments 100”) communicatively coupled to a plurality of networks and devices through network 10. Network 10 may be a wide area network (“WAN”), a local area network (“LAN”), personal area network (“PAN”), or the like. In one embodiment, network 10 is the Internet and mobile financial transaction instruments 100 are online. “Online” may mean connecting to or accessing source data or information from a location remote from other devices or networks coupled to Internet 10. Alternatively, “online” may refer to connecting or accessing an electronic network (wired or wireless) via a mobile financial transaction instrument 100 or computer 54 as described below. The Internet is a worldwide system of computer networks—a network of networks in which a party at one computer or other device connected to the network can obtain information from any other computer and communicate with parties of other computers or devices. The most widely used part of the Internet is the World Wide Web (often-abbreviated “WWW” or called “the Web”).
One of the most outstanding features of the Web is its use of hypertext, which is a method for cross-referencing. In most Web sites, certain words or phrases appear in text of a different color than the surrounding text. This text is often also underlined. Sometimes, there are hot spots, such as buttons, images, or portions of images that are “clickable.” Clicking on hypertext or a hot spot causes the downloading of another web page via a protocol such as hypertext transport protocol (“HTTP”). Using the Web provides access to millions of pages of information. Web “surfing” is done with a Web browser, the most popular of which presently are Apple Safari, Microsoft Internet Explorer, and Mozilla Firefox. The appearance of a particular website may vary slightly depending on the particular browser used. Versions of browsers have “plug-ins,” which provide animation, virtual reality, sound, and music. Interpreted programs (e.g., applets) may be run within the browser.
As shown in FIG. 1, financial institution (“FI”) 20 is coupled to network 10 through firewall 22 that blocks network connections from the outside world to FI 20 inside the firewall. FI 20 may be a bank, credit union, or any entity that provides demand deposit accounts, issues or processes credit or debit transaction, or the like. It is also understood that firewalls are often governed by a set of rules that specify what IP addresses, ports, and even types of traffic are allowed to connect to machines inside the firewall. It is also understood that other network security defense tools may be employed as part of a defense-in-depth strategy to secure FI 20 including, but not limited to, intranet subnet partitioning, a demilitarized zone, intrusion detection or host-based intrusion prevention systems.
FI 20 also includes a processing unit 24 coupled to one or more data storage units 26-1, 26-2 (collectively referred to as “data storage units 26”). The processing unit 24 provides front-end graphical user interfaces (“GUIs”), e.g., customer GUI 28, non-customer GUI 30, and back-end GUIs 32 to a remote computer 54 or to local computer 34. The GUIs can take the form of, for example, a webpage that is displayed using a browser program local to the remote computers 54 or to local computer 34. It is understood that the FI 20 may be implemented on one or more computers 34, servers 36, or like devices. For example, FI 20 may include servers programmed or partitioned based on permitted access to data stored in data storage units 26. Front-and back- end GUIs 28, 30, 32 may be portal pages that include various content retrieved from the one or more data storage devices 26. As used herein, “portal” is not limited to general-purpose Internet portals, such as YAHOO! or GOOGLE but also includes GUIs that are of interest to specific, limited audiences and that provide the party access to a plurality of different kinds of related or unrelated information, links and tools as described below. “Webpage” and “website” may be used interchangeably herein.
Remote computers 54 may be part of a computer system network 50 and gain access to network 10 through an Internet service provider (“ISP”) 52. Mobile financial transaction instruments 100 may gain access to network 10 through a wireless cellular communication network, a WAN hotspot, or through a wired or wireless connection with a computer 20 as will be understood by one skilled in the art. A merchant 60 including having a plurality of point-of-sale (“POS”) terminals 62 may be connected to network 10. POS terminals 62 may be directly connected to network 10 or be connected through a gateway 64, which may be a processing device coupled to one or more data storage units 66. An automated teller machine (“ATM”) 70 may also be connected to FI 20 through network 10.
In one embodiment, mobile financial transaction instrument 100 includes any mobile device capable of transmitting and receiving wireless signals. For example, a mobile financial transaction instrument may include, but is not limited to, mobile or cellular phones, personal digital assistants (“PDAs”), laptop computers, tablet computers, fobs, music players, and e-readers, to name a few possible devices. In some embodiments, a mobile financial transaction instrument 100 may be a desktop computer configured to perform financial transaction over a network such as the Internet. FIG. 1 is a block diagram of one example of an architecture of mobile financial transaction instrument 100. As shown in FIG. 1, mobile financial transaction instrument 100 may include one or more processors, such as processor(s) 102. Processor(s) 102 may be any central processing unit (“CPU”), microprocessor, micro-controller, or computational device or circuit for executing instructions and be connected to a communication infrastructure 104 (e.g., a communications bus, cross-over bar, or network). Various software embodiments are described in terms of this exemplary mobile financial transaction instrument 102. After reading this description, it will be apparent to one skilled in the art how to implement the method using mobile financial transaction instruments that include other systems or architectures.
Mobile financial transaction instrument 100 may include a display 106 that displays graphics, text, and other data received from the communication infrastructure 104 (or from a frame buffer not shown) to a user. Examples of such displays 106 include, but are not limited to, LCD screens and plasma screens, to name a few possible displays. Mobile financial transaction instrument 100 also includes a main memory 108, such as a random access (“RAM”) memory, and may also include a secondary memory 110. Secondary memory 110 may include a more persistent memory such as, for example, a hard disk drive 112 and/or removable storage drive 114, representing a magnetic tape drive, an optical disk drive, or the like. Removable storage drive 114 reads from and/or writes to a removable storage unit 116 in a manner that is understood by one skilled in the art. Removable storage unit 116 represents a magnetic tape, optical disk, or the like, which may be read by and written to by removable storage drive 114. As will be understood by one skilled in the art, the removable storage unit 116 may include a tangible machine readable storage medium having stored therein computer software and/or data.
In some embodiments, secondary memory 110 may include other devices for allowing computer programs or other instructions to be loaded into mobile financial transaction instrument 100. Such devices may include, for example, a removable storage unit 118 and a corresponding interface 120. Examples of such units 118 interfaces 120 may include a removable memory chip (such as an erasable programmable read only memory (“EPROM”)) programmable read only memory (“PROM”)), secure digital (“SD”) card and associated socket, and other removable storage units 118 and interfaces 120, which allow software and data to be transferred from the removable storage unit 118 to mobile financial transaction instrument 100.
Mobile financial transaction instrument 100 may also include a speaker 122, a camera 124, a microphone 126, and an input device 128. Examples of input device 128 include, but are not limited to, a keyboard, buttons, a trackball, or any other interface or device through a user may input data. In some embodiment, input device 128 and display 106 are integrated into the same device. For example, display 106 and input device 128 may be touch screen through which a user uses a finger, pen, or stylus to input data into mobile financial transaction instrument 100.
Mobile financial transaction instrument 100 also include one or more communication interfaces 130, which allows software and data to be transferred between mobile financial transaction instrument 100 and external devices such as, for example, a point-of-sale (“POS”) device, an automated teller machine (“ATM”), a computer, and other devices that may be locally or remotely connected to mobile financial transaction instrument 100. Examples of the one or more communication interfaces 130 may include, but are not limited to, a modem, a network interface (such as an Ethernet card or wireless card), a communications port, a Personal Computer Memory Card International Association (“PCMCIA”) slot and card, one or more Personal Component Interconnect (“PCI”) Express slot and cards, or any combination thereof. The one or more communication interfaces 130 may also include a wireless interface configured for short range communication, such as near field communication (“NFC”), Bluetooth, or other interface for communication via another wireless communication protocol.
Software and data transferred via the one or more communications interfaces 130 are in the form of signals, which may be electronic, electromagnetic, optical, or other signals capable of being received by communications interfaces 130. These signals are provided to communications interface 130 via a communications path or channel. The channel may be implemented using wire or cable, fiber optics, a telephone line, a cellular link, a radio frequency (“RF”) link, or other communication channels.
In this document, the terms “non-transient computer program medium” and “non-transient computer readable medium” refer to media such as removable storage units 116, 118, or a hard disk installed in hard disk drive 112. These computer program products provide software to mobile financial transaction instrument 100. Computer programs (also referred to as “computer control logic”) may be stored in main memory 108 and/or secondary memory 110. Computer programs may also be received via the one or more communications interfaces 130. Such computer programs, when executed by a processor(s) 102, enable the mobile financial transaction instrument 100 to perform the features of the method discussed herein.
In an embodiment where the method is implemented using software, the software may be stored in a computer program product and loaded into mobile financial transaction instrument 100 using removable storage drive 114, hard drive 112, and/or communications interface 130. The software, when executed by a processor(s) 102, causes the processor(s) 102 to perform the functions of the method described herein. In another embodiment, the method is implemented primarily in hardware using, for example, hardware components such as application specific integrated circuits (“ASICs”). Implementation of the hardware state machine so as to perform the functions described herein will be understood by persons skilled in the art. In yet another embodiment, the method is implemented using a combination of both hardware and software.
One skilled in the art will understand that computers 34 and 54, server 36, POS devices 62, and ATM 70 (collectively referred to as “computing devices”) may have a similar architecture to the mobile financial transaction instruments 100 illustrated in FIG. 2. For example, the computing devices may include one or more processors 102, a communication infrastructure 104, a display 106, main and/or secondary memories 108, 110, a speaker 122, a camera 124, a microphone 126, an input device 128, and one or more communication interfaces 130. In some embodiments, one or more of the computing devices may have a different architecture than the mobile financial transaction instrument 100 illustrated in FIG. 2. For example, one or more of the computing devices may include each of the functional components illustrated in FIG. 2 except for speaker 122, camera 124, and/or microphone 126.
A user may gain access to financial institution 20 by using a device 34, 54, 100 programmed with a Web browser or other software, to locate and select (such as by clicking with a mouse) a particular webpage. The content of the webpage is located on the one or more data storage devices 26. Devices 34, 54 may be microprocessor-based computers that can communicate through the Internet using the Internet Protocol (IP), Kiosks with Internet access, connected personal digital assistants or PDAs (e.g., a PALM device manufactured by Palm, Inc., IPAQ device available from Compaq, iPhone from Apple or Blackberry from Research In Motion), or other devices capable of interactive network communications, such as an electronic personal planner.
The system and method described herein may be implemented by utilizing at least a part of the network described above in connection with FIG. 1. It should be apparent to one of ordinary skill in the art that the system may be incorporated in a LAN, in a WAN, or through an Internet 10 based approach, such as through a hosted or non-hosted application service, or through a combination thereof. The functionality of the method may be programmed and executed by at least one computer processor unit 24, with necessary data and graphical interface pages as described below stored in and retrieved from a data storage unit 26. A party can access this functionality using a device 34, 54, 100. As mentioned above, FI 20 may provide separate features and functionality for front-end users, such as customers and non-customers, and back-end users that manage the FI 20.
FIGS. 3A-3D illustrate one example of an active authentication (“AA”) method. Referring first to FIG. 3A, which is a flow chart of a financial transaction using an improved AA method, the financial transaction begins with a user logging onto the website of a FI 20. In some embodiments, the user may access the website using mobile financial transaction instrument 100 or a computer 54. In some embodiments, the user may access a website of the FI 20 via an application that has been downloaded and installed on mobile financial transaction instrument 100.
Mobile financial transaction instrument 100 or computer 54 establishes a connection with server 36 on which the FI's website resides using HTTP secure (“HTTPS”) or other encrypted communication protocol. The FI's website may authenticate the user based on data received from mobile financial transaction instrument 100 or computers 34, 54. Such data may include a customer number or user name and password that the user inputs into a GUI 28 displayed on display 106 using an input device 128 as will be understood by those skilled in the art.
Once the customer number or user name and password are authenticated by FI 20, a message is transmitted via HTTPS or other encryption communication protocol to mobile financial transaction instrument 100 or computer 54. The message may be displayed in a GUI 28 that on display 106 of input device 128 or computer 54 that provides a user with one or more editable fields or input buttons. For example, the GUI displayed to the user may enable the user to identify various parameters concerning an upcoming financial transaction. Examples of such data that a user may enter may include, but not be limited to, a name of a merchant, a type of merchant (e.g., a clothing store, a food store, a gas station, movie theater, etc.), a location of the merchant, a period of time during which the transaction is to be executed (e.g., next ten minutes, next two hours, next five days, etc.), a type of transaction (e.g., credit, debit, etc.), and a maximum authorized amount, to name a few potential parameters.
Once the user has entered the parameters for the financial transaction, the data entered by the user are transmitted to FI 20. FI 20 receives the parameters of the financial transaction from the mobile financial transaction instrument 100 or computer 54 and prepares an AA transaction key that is unique for the transaction and is valid for a limited period of time. In some embodiments, the transaction key is configured such that the key is compatible with existing financial transaction systems. For example, the single-use AA transaction keys may include 16-20 individual value positions in which the first several (e.g., 2, 3, etc.) positions identify the financial institution that issued the transaction key and the remaining characters identify the transaction. However, one skilled in the art will understand that the AA transaction key may include fewer or more values.
The AA transaction keys may be alpha numeric such that the transaction key is distinguishable from legacy credit card numbers that only utilize numbers. Such AA transaction keys that are generated on a per-transaction basis, are valid for a limited amount of time, and do not include static identifiers that identify an account of a user (e.g., a static credit card number) provide enhanced security compared to conventional card verification values (“CVV”) and card verification codes (“CVC”). For example, CVV and CVC are pseudorandom numbers that provide additional layers of security on top of the existing credit card infrastructure and cannot be used to perform a financial transaction without being accompanied by a static credit card or account number. In contrast, the AA transaction key is a random alpha-numeric string that does not include any personal account information that may be misappropriated and used at a later time for a fraudulent transaction. Consequently, financial transactions performed using AA transaction keys do not need to be highly encrypted since the AA transaction keys have limited value and cannot be repeatedly used to perform unauthorized and/or fraudulent transactions. A copy of the AA transaction key may be locally or remotely stored by FI 20 in a data storage unit 26 for later use as described below.
The manner in which a financial institution generates an AA transaction key may differ from the manner in which other financial institutions generate the AA transactions keys. For example, some financial institutions may generate AA transaction keys that have one or more portions include data that either identifies or is based on a user's account with the institution. The one or more portions of the AA transaction key that identifies or is based on a user's account may be confidential with respect to the financial institution that generates the AA transaction, and the location of the user account information or user account-based data in the AA transaction key may vary from one financial institution to another. For example, some financial institutions may include the identification data after the prefix, some financial institutions may include the identification data at the end or in the middle of the alpha-numeric string, and some financial institutions may intersperse the identification data at certain locations throughout the alpha-numeric string.
FI 20 forwards a copy of the AA transaction key to mobile financial transaction instrument 100 or to computer 54 where it is stored in a computer readable storage medium such as main memory 108 or secondary memory 110. Mobile financial transaction instrument 100 or computer 54 transmits a message to FI 20 once the unique transaction key for the financial transaction has been stored by mobile financial transaction instrument 100 or computer 54 at which point the financial transaction is pending.
In embodiments in which the financial transaction is to be performed at a brick-and-mortar merchant 60, a user approaches a POS device 62 at a merchant 60 at some time after the financial transaction has been setup. POS device 62 may be a terminal configured to perform contactless transactions by sending and receiving data using NFC, Bluetooth, or through other wireless communication protocols. In one embodiment, items selected from the shelves of a merchant are scanned by the user or an employee of the merchant. A user places mobile financial transaction instrument 100 near POS device 62, which transfers the stored unique financial transaction key from mobile financial transaction instrument 100 to POS device 62.
In embodiments in which the financial transaction is performed at an online merchant 60, then the user clicks a check-out or other button displayed on a GUI displayed on display 106 of computer 54. The GUI may present the user with the ability to select the method by which the user will pay for goods or services. The user may select an active authentication option that causes the stored AA transaction key to be transmitted to merchant 60.
Merchant 60 or POS device 62 transmits a message including the unique transaction key directly to FI 20. In addition to including the unique transaction key, the message transmitted from merchant 60 or POS device 62 to FI 20 may also include data provided by merchant 60 or POS device 62 such as, for example, a total transaction amount, a merchant ID, or other merchant-specific or transaction specific data as will be understood by one skilled in the art. The message from merchant 60 or POS device 62 may be transmitted to FI 20 using a closed network connection.
The routing of data from a merchant 60 to FI 20 may be implemented in a plurality of ways. In some embodiments, a new routing system (referred to herein as an “AA Registry”) is used by merchant 60 and POS device 62 in order to properly route the message including the unique transaction key to the appropriate financial institution. For example, the AA Registry is configured to identify a particular financial institution based on the first several values of the unique transaction key. The AA Registry may include routing data including, but not limited to, IP addresses, routing numbers, and other data for routing messages between financial institutions 20 and merchants 60. The AA Registry may be a public registry operated by an entity that is trusted by both merchants and financial institutions. In embodiments in which the AA Registry is maintained by a trusted entity, the trusted entity may vet each entity that registers its data (e.g., company name or identification, IP address(es), etc.) with the AA Registry. In some embodiments, merchant banking data is also stored by the AA Registry. For example, an ABA routing number and account number of the merchant's financial institution may be registered with the AA Registry and used for merchant verification as described below.
In some embodiments, a public registry may not be provided and the routing data may be locally stored at each merchant and financial institution. For example, a merchant that performs a large volume of financial transactions may exchange routing information in the form of a data table with one or more financial institutions. Regardless of the manner in which the routing data is acquired by the merchant 60 or POS device 62, merchant 60 or POS device 62 directly routes the financial transaction message to FI 20 instead of routing the message through various layers of a complicated credit card network.
FI 20 receives the message from merchant 60 or POS device 62 and extracts the embedded data including the AA transaction key. The embedded data and AA transaction key are used by FI 20 to approve or decline the transaction. In some embodiments, FI 20 may also validate merchant 60 with the AA Registry to provide enhanced security against fraud. For example, FI 20 may extract the merchant ID and IP address from which the authorization request message was received and transmit a message to AA Registry requesting confirmation that merchant 60 from which the authorization request message was received is listed in the registry and the merchant ID matches the IP address stored by the AA Registry for the merchant. If merchant 60 is not validated by the AA Registry, then FI 20 may decline the transaction and send a message to the mobile financial transaction instrument 100 of the user. If merchant 60 is validated by the AA Registry, then FI 20 may continue authorizing the transaction.
The extracted AA transaction key is used to retrieve the predetermined parameters for the financial transaction from one or more of data storage devices 26. FI 20 compares the other data included in the message received from merchant 60 or POS device 62, e.g., total amount, merchant ID or information, etc., to the parameters associated with the unique transaction key and determines if the transaction should be validated. For example, if the amount in the message received from merchant 60 or POS device 62 exceeds the maximum transaction amount received from mobile financial transaction instrument 100 or computer 54 that is stored in data storage device 26, then FI 20 may transmit a message to merchant 60 or POS device 62 identifying that the transaction has been declined. However, if the transaction amount in the message received from merchant 60 or POS device 62 is below the maximum transaction amount received from mobile financial transaction instrument 100 or computer 54 that is stored in data storage device 26, then FI 20 may authorize the transaction. FI 20 may fund the transaction via an automated clearing house (“ACH”), account transfer, or other form of fund transfer from FI 20 to merchant 60.
In some embodiments, the financial transaction may include additional steps for providing enhanced security. For example, FI 20 may be configured to transmit a validation request to mobile financial transaction instrument 100 or computer 54 upon receiving the unique transaction key from merchant 60 or POS device 62 and verifying the transaction parameters. Mobile financial transaction instrument 100 or computer 54 displays a message on display 106 requesting user to use input device 128 to approve or decline the transaction. Upon receiving the user input approving or declining the transaction, mobile financial transaction instrument 100 or computer 54 transmits the user's input to FI 20.
In response to verifying (or declining) the financial transaction either internally or by receiving the user's validation of the financial transaction, FI 20 transmits a message to merchant 60 or POS device 62 identifying if the transaction should be approved or declined. If the financial transaction is approved by FI 20 and/or the user of mobile financial transaction instrument 100, then merchant 60 or POS device 62 executes and completes the financial transaction. FI 20 may also transmit a message to mobile financial transaction instrument 100 or computer 54 identifying that the transaction has been confirmed and completed.
A flow chart of the a method 300 performed by mobile financial transaction instrument 100 during a financial transaction that utilizes active authentication are illustrated in FIG. 3B. One skilled in the art will understand that computer 54 may perform similar functions during an online transaction with a merchant 60. As shown in FIG. 3B, mobile financial transaction instrument 100 establishes a connection with a website provided by FI 20 at block 302. As described above, the connection may be established between mobile financial transaction instrument 100 and server 36 using HTTPS or another encrypted communication link. A user may access a customer portal 28 of FI 20 where the user inputs a username or customer ID along with a password. The access to the website may be provided through a browser on mobile financial transaction instrument 100 or through a mobile application that is downloaded and installed on mobile financial transaction instrument 100.
The user may use input device 128 to gain access to the appropriate GUI provided by the FI 20 for setting up a financial transaction. At block 304, mobile financial transaction instrument 100 receives the parameters of the financial transaction input by user using input device 128. As described above, the parameters of the financial transaction may include, but not be limited to, the type of transaction that is to be performed (i.e., credit, debit, or the like), a name and/or location of a merchant, and an authorized transaction amount. Mobile financial transaction instrument 100 forwards the parameters of the financial transaction to FI 20 at block 306.
At block 308, mobile financial transaction instrument 100 receives a unique AA transaction key for the financial transaction, which is stored in a computer readable storage medium at block 310. For example, mobile financial transaction instrument 100 may store the AA transaction key in main memory 108 or secondary memory 110. Mobile financial transaction instrument 100 transmits a message to FI 20 confirming receipt of the AA transaction key at block 312.
At block 314, mobile financial transaction instrument 100 transmits the stored financial transaction key to POS device 62. The transaction key may be wirelessly transmitted using NFC or other communication method. In some embodiments, mobile financial transaction instrument 100 may receive a message from FI 20 requesting the user to validate the financial transaction at block 316, and in response, mobile financial transaction instrument 100 displays the message to a user on display 106 and receives a user input from input device 128 at block 318. At block 320, mobile financial transaction instrument 100 transmits the data input by the user to FI 20 at block 320. Mobile financial transaction instrument 100 may receive a transaction receipt or message identifying that the transaction is complete from FI 20 and/or POS device 62 at block 322.
FIG. 3C illustrates a method 320 performed by a computing device 34, 36 of FI 20 during a financial transaction that utilizes active authentication. At block 322, a connection is established with a mobile financial transaction instrument 100 or computer 54. The connection with mobile financial transaction instrument 100 may be established using HTTPS or another encrypted communication link. FI 20 authenticates the user by confirming that the username or customer number and password received from mobile financial transaction instrument 100 correspond to a user account with the FI 20 at block 324.
At block 326, FI 20 receives data defining a financial transaction from mobile financial transaction instrument 100 or computer 54. The data defining the financial transaction may include, but are not limited to, a name or type of a merchant at which the financial transaction is to be performed (e.g., a clothing store, a food store, a gas station, movie theater, etc.), a location of the merchant, a period of time during which the transaction is to be executed (e.g., next thirty minutes, next three hours, next week, etc.), a transaction type (e.g., credit, debit, etc.) and a maximum authorized transaction amount, to name a few potential parameters of the financial transaction.
FI 20 generates a temporary, single-use AA transaction key at block 328. The single-use AA transaction key may be an alpha numeric string in which the first several digits may be used to identify the financial institution that generated the transaction key and the remainder of the transaction key may be a random string that does not include any personal account identification information related to the user. The AA transaction key may be generated by a random number generator that appends the random alpha numeric string to a prefix that identifies the financial institution that generates the AA transaction key. In some embodiments, the manner in which a financial institution generates an AA transaction key may differ from the manner in which other financial institutions generate the AA transactions keys. For example, some financial institutions may generate AA transaction keys that have one or more portions include data that either identifies or is based on a user's account with the institution. The one or more portions of the AA transaction key that identifies or is based on a user's account may be confidential with respect to the financial institution that generates the AA transaction, and the location of the user account information or user account-based data in the AA transaction key may vary from one financial institution to another. For example, some financial institutions may include the identification data after the prefix, some financial institutions may include the identification data at the end or in the middle of the alpha-numeric string, and some financial institutions may intersperse the identification data at certain locations throughout the alpha-numeric string.
At block 330, the financial transaction key is stored in a computer readable storage medium, such as data storage devices 26, along with the data received from mobile financial transaction instrument 100 that identify the parameters of the authorized financial transaction.
At block 332, FI 20 transmits the AA transaction key to mobile financial transaction instrument 100. FI 20 receives and processes a request to validate a financial transaction from a POS device 62 at block 334. For example, FI 20 extracts data from message and verifies the authenticity of the AA transaction key. The authentication of the AA transaction key may include searching data storage devices 26 to ensure that the AA transaction key has been generated and stored. FI 20 may also compare data in the message received from POS device 62 to data stored in data storage devices 26 that is associated with the AA transaction key and was received from mobile financial transaction instrument 100. For example, FI 20 may check to ensure that the transaction amount received from POS device 62 is less than or equal to the authorized transaction amount received from mobile financial transaction instrument block 326, may check that the POS device 62 from which the AA transaction key was received is associated with a merchant 60 that is of the type the user authorized at block 326, or may check to confirm other data received from POS device 62 is in accordance with the user-approved parameters of the financial transaction.
As described above, FI 20 may also validate the identity and existence of merchant 60 to provide enhanced security against fraud. For example, FI 20 may extract the merchant ID and the IP address from which the authorization request message was received and transmit the extracted information to the AA Registry. FI 20 receives a response from the AA Registry confirming or denying the existence or identification of the merchant 60 from which the POS device 62 is associated. If the message received from the AA Registry identifies that the information received from POS device 62 of merchant 60 does not match information on file with the AA Registry (i.e., the information is fraudulent or the merchant does not exist), then FI 20 may terminate or decline the transaction. If the message received from the AA Registry identifies that the information received from POS device 62 of merchant 60 matches information on file with the AA Registry, then FI 20 may continue authorizing the transaction.
In some embodiments in which additional security is desired, FI 20 transmits a validation request to mobile financial transaction instrument 100 that is based on the data received from POS device 62 at block 336. The validation request may include various parameters concerning the financial transaction that are to be displayed on display 106 of mobile financial transaction instrument 100 and requests the user to validate the transaction using mobile financial transaction instrument 100. At block 338, FI 20 receives a message from payment 100 that identifies if the user approved or denied the transaction.
FI 20 determines if the transaction should be approved or denied at decision block 340. The decision to approve or decline the financial transaction may be based on the single-use AA transaction key received from POS device 54, by comparing the data received from POS device 62 to the data received from mobile financial transaction instrument 100, including the single-use AA transaction key, and/or by determining if merchant 60 is fraudulent. In embodiments in which the additional security steps are implemented, FI 20 may also base the authorization decision on the user's response to the validation request received by FI 20 at block 338.
If the transaction is not approved, then FI 20 declines the transaction at block 342 and transmits a transaction declined message to POS device 62 and/or to mobile financial transaction instrument 100 at block 344. As will be understood by those skilled in the art, the transaction may be declined if the amount of the transaction exceeds the pre-approved transaction amount, if the single-use transaction key either does not exist or has expired, the user declines the transaction when prompted on the mobile financial transaction instrument 100, or for other reasons such as FI 20 determining that merchant 60 is fraudulent or does not exist.
If the transaction is approved, then FI 20 approves the transaction at block 346 and transmits a transaction approved message to POS device 62 and/or to mobile financial transaction instrument 100 at block 348. FI 20 may approve the transaction based on the single-use transaction key, if the parameters of the transaction received from POS device 62 sufficiently match the pre-defined financial transaction parameters entered by the user, and/or if the response to the transaction authorization message received from mobile financial transaction instrument 100 identifies the transaction as being approved.
FIG. 3D illustrates a method 360 performed by POS device 62 during a financial transaction that utilizes active authentication. Method 360 begins with POS device 62 receiving a single-use transaction key from mobile financial transaction instrument 100. The transaction key may be received from mobile financial transaction instrument 100 using NFC, Bluetooth, or another wireless transmission protocol. At block 364, POS device 62 generates data for the financial transaction for transmission to FI 20. Examples of the financial transaction data may include, but are not limited to, a merchant ID, the total amount of the transaction, a location of the merchant, to list a few possibilities.
POS device 62 transmits a message to FI 20 at block 366 requesting approval of the financial transaction. The message transmitted from POS device 62 may include the transaction key received from mobile financial transaction instrument 100 and financial transaction data generated by POS device 62. The message transmitted from POS device 62 to FI 20 may be transmitted over a closed network connection.
In some embodiments, POS device 62 may obtain the IP address or other contact information for FI 20 by contacting the AA Registry. For example, PO device 62 may strip off the first several characters of the AA transaction key received from mobile financial transaction instrument 100 and send these characters to the AA Registry. POS device 62 may receive the IP address or other contact information for routing the AA transaction key to FI 20 from the AA Registry. In some embodiments, POS device 62 retrieves the IP address of the financial institution from a local non-transient computer readable storage medium in which the financial institution contact information is associated with the identifiers of the financial institution that are included in the AA transaction key.
At block 368, POS device 62 receives a message from FI 20 identifying if the financial transaction has been approved or declined. The message may be received from financial transaction over the same closed network connection over which POS device 62 transmitted the authorization request. If the message received from FI 20 identifies that the transaction has been declined, then POS device 20 cancels the financial transaction at block 370. Canceling the financial transaction may include displaying a message on a display that the transaction has been declined and/or transmitting a message to mobile financial transaction instrument 100 that causes a message to be displayed on display 106 that the transaction has been declined. If the message received from FI 20 identifies that the transaction has been approved, then the financial transaction completed at block 372. Completing the financial transaction may include displaying a message on a display of POS device 62 that the transaction has been approved and/or transmitting a message to mobile financial transaction instrument 100 that causes a message to be displayed on display 106 that the transaction has been approved.
Other financial transactions that may be performed using AA transaction keys include transferring funds to a third party. FIGS. 4A and 4B illustrate the transmission of data between a transferor (person transferring funds), a financial institution, a transferee (person receiving funds), and an ATM. As shown in FIG. 4A, a fund transfer transaction begins with the transferor logging into a website of FI 20. The transferor may log onto the website using a computer 54 or by using a mobile application or web browser installed on a mobile financial transaction instrument 100.
Mobile financial transaction instrument 100 or computer 54 establishes a connection with server 36 on which the FI's website resides using HTTPS or other encrypted communication protocol, and the financial institution's website may authenticate the user based on data received from mobile financial transaction instrument 100 or computers 34, 54. Such data may include a customer number or user name and password that the user inputs into a GUI 28 displayed on display 106 using an input device 128 as will be understood by those skilled in the art.
Once the customer number or user name and password are authenticated by FI 20, a message is transmitted via HTTPS or other encryption communication protocol to mobile financial transaction instrument 100 or computer 54. The message may be displayed in a GUI 28 that is displayed on display 106 of mobile financial transaction instrument 100 or computer 54 that provides a user with one or more editable fields or input buttons. For example, the GUI displayed to the user may enable the user to identify various parameters concerning an upcoming fund transfer transaction. Examples of such data that a user may enter may include, but not be limited to, the amount of the fund transfer, an account from which the funds are to be transferred, a phone number or other unique identifier (e.g., an international mobile subscriber identity (“IMSI”), an electronic serial number (“ESN”), or a media access control (“MAC”) address) of the mobile financial transaction instrument of the transferee, and a time period during which the fund transfer may be performed, to name a few possible data entries.
FI 20 may generate a GUI that displays the parameters of the fund transfer transaction and requests the transferor to confirm the transaction. Upon receiving a confirmation of the transaction, which may be received by FI 20 in response to the transferor using an input device 128 of mobile financial transaction instrument 100 or computer 54, FI 20 prepares a unique AA transaction key and a PIN for the wiring transaction. The AA transaction key may be an alpha numeric string in which the first several digits may be used to identify the financial institution that generated the AA transaction key and the remainder of the AA transaction key may be a random string that does not include any personal account or otherwise static identification information related to the user. In some embodiments, the AA transaction key is generated by a random number generator that appends the random alpha numeric string to a prefix that identifies the financial institution that generates the AA transaction key. As described above, the manner in which a financial institution generates an AA transaction key may differ from the manner in which other financial institutions generate the AA transactions keys. For example, some financial institutions may generate AA transaction keys that have one or more portions include data that either identifies or is based on a user's account with the institution.
A copy of the unique AA transaction key and PIN may be locally or remotely stored by FI 20 in a data storage unit 26 for later use as described below. Additionally, FI 20 may transfer funds from the transferor's bank account to a wash or other holding account and transmit the PIN to mobile financial transaction instrument 100 of the transferee. The PIN may be transmitted to the transferee's mobile financial transaction instrument 100 via short message service (“SMS”), email, voice mail, or via any other messaging manner as will be understood by one skilled in the art.
Turning now to FIG. 4B, the transferee logs onto a website of FI 20 using the transferee's mobile financial transaction instrument 100. In some embodiments, transferee downloads and installs a mobile application onto the transferee's mobile financial transaction instrument 100. The transferee does not need to have an account or be otherwise associated with FI 20. The mobile application establishes a connection with server 36 of FI 20 using HTTPS or other encrypted communication protocol. The transferee may enter the PIN into GUI 30 displayed on display 106 of the transferee's mobile financial transaction instrument 100.
FI 20 validates the PIN received from mobile financial transaction instrument 100 and retrieves the parameters of the wiring transaction from data storage device 26. The details of the wiring transaction may be presented to the transferee on a GUI 30 displayed on display 106 of mobile financial transaction instrument 100. The transferee may accept the funds by using input device 128 to indicate his/her acceptance of the fund transfer on GUI 30.
FI 20 retrieves the single-use AA transaction key from data storage devices 26 in response to the transferee's input accepting the fund transfer. The AA transaction key is transmitted from FI 20 to the mobile financial transaction instrument 100 of the transferee. The AA transaction key is stored in a computer readable storage medium, such as main memory 108 and/or secondary memory 110, on mobile financial transaction instrument 100.
At some time after the fund transfer has been setup, the transferee approaches an ATM 70 that is equipped with a wireless transmission module for transferring and receiving data from mobile financial transaction instrument 100. Such wireless transmission modules include, but are not limited to, modules that enable ATM 70 to transmit and receive data via NFC, Bluetooth, or through other wireless communication protocols. The transferee initiates a withdrawal of funds from ATM 70 by placing mobile financial transaction instrument 100 near ATM 70 such that the AA transaction key is transmitted to ATM 70.
ATM 70 generates a second PIN in response to receiving the AA transaction key from mobile financial transaction instrument 100. The PIN and AA transaction key are transmitted from ATM 70 to FI 20 in a request to authorize the disbursement of funds. ATM 70 may query the AA Registry using the first several characters of the AA transaction key to acquire the contact information for FI 20, or ATM 70 may be able to determine the contact information for FI 20 based on a locally stored database in which the first several characters of the AA transaction key are associated with the contact information for the financial institution. FI 20 determines if the funds should be disbursed by ATM 70 based on the AA transaction key embedded within the authorization request message received from ATM 70, which may be received through a closed network connection. If the transaction key is validated, FI 20 transmits a message authorizing the disbursement of funds to ATM 70 via the closed network connection and transmits the second PIN to the mobile financial transaction instrument 100 of the transferee.
The second PIN may be received at mobile financial transaction instrument 100 and be automatically transferred to ATM 70 via a wireless communication channel. In some embodiments, the second PIN may be received at mobile financial transaction instrument 100, which notifies the transferee in response. Such notification may include flashing an LED of mobile financial transaction instrument 100, displaying a message on display 106, and/or causing mobile financial transaction instrument 100 to vibrate or emit a noise, to list a few potential notification possibilities. The transferee may input the second PIN directly into ATM 70 using an input device of ATM 70.
ATM 70 receives the second PIN from mobile financial transaction instrument 100 and verifies that the PIN matches the PIN that was transmitted to FI 20. If ATM 70 confirms that the PIN received from mobile financial transaction instrument 100 matches the PIN transmitted to FI 20, then ATM 70 releases the funds to transferee.
FIG. 4C is illustrates one example of a method 400 that may be performed by a mobile financial transaction instrument 100 or computer 54 accessed by a transferor during a fund transfer transaction such as the one illustrated in FIGS. 4A and 4B. At block 402, mobile financial transaction instrument 100 or computer 54 establishes a connection with a website provided by FI 20. As described above, the connection may be established between computer 54 or mobile financial transaction instrument 100 and server 36 using HTTPS or other encrypted communication link. The transferor may access a customer portal 28 of FI 20 where the transferor inputs a username or customer ID along with a password. The access to the website may be provided through a browser on computer 54 or mobile financial transaction instrument 100 or through a mobile application that is downloaded and installed on mobile financial transaction instrument 100.
The transferor may enter parameters of the fund transfer into GUI 28 of the website provided by FI 20, which are transferred to FI 20 at block 404. Examples of the parameters include, but are not limited to, the amount of funds to be transferred, the account from which the funds are to be sourced, and a period of time during which the funds transfer is to be performed, to list only a few possible parameters. The transferor may also provide a phone number or other identification number of the transferee's mobile financial transaction instrument 100 at block 404. In some embodiments, an email address of the transferee in addition to, or instead of, the phone number of the transferee's mobile financial transaction instrument 100 may be provided.
In some embodiments, financial transaction device 100 or computer 54 may receive a request from FI 20 requesting the transferee to confirm and authorize the fund transfer at block 406. For example, computer 54 or mobile financial transaction instrument 100 may display a message or GUI 28 on display 106 requesting the transferor to use input device 128 to confirm and authorize the transaction. Transferor may use input device 128 to confirm and authorize the transaction in response to the prompt displayed on display 106, which is then transferred from computer 54 or mobile financial transaction instrument 100 to FI 20 at block 408.
FIG. 4D illustrates a method 420 performed by FI 20 during a funds transfer transaction such as the funds transfer transaction illustrated in FIGS. 4A and 4B. As shown in FIG. 4D, FI 20 establishes a connection with mobile financial transaction instrument 100 or computer 54 at block 422. The connection may be established between FI 20 and computer 54 or mobile financial transaction instrument 100 using HTTPS or other encrypted communication link. At block 424, FI 20 authenticates the credentials of the transferor received from computer 54 or mobile financial transaction instrument 100. Authenticating the transferor's login information may include comparing the username or customer ID and password to a database stored in data storage devices 26 that includes each of a plurality of customer usernames or identification numbers associated with a password.
FI 20 receives a request for transferring funds to a third party at block 426. The request may include various parameters defining the transaction such as, for example, the amount of funds to be transferred, the account from which the funds are to be withdrawn, and an amount of time during which the funds may be transferred. FI 20 may also receive a phone number or other identification number, such as a MAC address, IMSI or ESN, of the transferee's mobile financial transaction instrument 100 at block 404. In some embodiments, FI 20 may receive an email address of the transferee in addition to, or instead of, the phone number of the transferee's mobile financial transaction instrument 100.
At block 428, FI 20 prepares the funds transaction. For example, FI 20 may check to ensure that the amount of funds to be transferred is less than the total amount of funds available for withdrawal in the account identified by transferor, store the parameters of the transaction in a computer readable storage medium, and cause a transaction confirmation GUI to be displayed to transferor. FI 20 receives an authorization for the transaction from computer 54 or mobile financial transaction instrument 100 being used by transferor at block 430.
At block 432, FI 20 generates a one-time AA transaction key and a PIN, which are stored in one or more data storage device 26. The AA transaction key can be a random alpha numeric string that is appended to a prefix that identifies the financial institution that generated the transaction key. As will be understood by one skilled in the art, the random portion of the AA transaction key may be generated by a random number generator. Advantageously, the AA transaction key does not include static user account information that may be stolen by a third party and used to gain access to the user's funds.
In some embodiments described above, some financial institutions may generate AA transaction keys that have one or more portions include data that either identifies or is based on a user's account with the institution. The one or more portions of the AA transaction key that identifies or is based on a user's account may be confidential with respect to the financial institution that generates the AA transaction, and the location of the user account information or user account-based data in the AA transaction key may vary from one financial institution to another. For example, some financial institutions may include the identification data after the prefix, some financial institutions may include the identification data at the end or in the middle of the alpha-numeric string, and some financial institutions may intersperse the identification data at certain locations throughout the alpha-numeric string.
FI 20 transmits the PIN to transferee's mobile financial transaction instrument 100 at block 434. In some embodiments, the PIN is transmitted to via SMS messaging, although one skilled in the art will understand that the PIN may be transmitted via email, telephonically, or via any other messaging manner. At block 436, FI 20 transfers the funds that are to be transferred to a third party from the transferor's account to a wash account or other temporary holding account for later disbursement.
A connection is established with the transferee's mobile financial transaction instrument 100-1 at block 438. The connection may be established using HTTPS or another encrypted communication protocol through which the transferee gains access to a GUI 30 provided by FI 20. At block 440, FI 20 validates the PIN received from mobile financial transaction instrument 100 of the transferee and uses the PIN to retrieve data for the fund transfer transaction from one or more of the data storage device 26. GUI 30 provided by FI 20 requests transferee to confirm the funds transfer at block 442. If transferee accepts the funds, then at block 444 FI 20 transfers the at least partially random AA transaction key to mobile financial transaction instrument 100 of the transferee.
At block 446, FI 20 receives an authorization request from ATM 70. The authorization request may be received at FI 20 from ATM 70 via a closed network connection and includes the AA transaction key and a second PIN generated by ATM 70. FI 20 confirms that the AA transaction key matches a copy of the AA transaction key stored in data storage device 26 and checks to ensure that the authorized time for the funds transfer as identified by the transferor has not lapsed.
FI 20 transmits an authorization message to ATM 70 via the closed connection at block 450 and transmits the second PIN received from ATM 70 to the mobile financial transaction instrument 100 of the transferee at block 452.
FIG. 4E illustrates a method 460 performed by an ATM 70 during a funds transfer transaction such as the funds transfer transaction illustrated in FIGS. 4A and 4B. ATM 70 receives an AA transaction key from the mobile financial transaction instrument 100 of transferee at block 462. The AA transaction key is received from the transferee's mobile financial transaction instrument 100 via a wireless transmission protocol such as NFC, Bluetooth, or the like.
At block 464, ATM 70 generates a PIN in response to receiving the transaction key from mobile financial transaction instrument 100. The PIN may be a multi-digit number generated by a random number generator as will be understood by one skilled in the art. If the PIN is to be keyed into the ATM 70, then the PIN is numeric such that it may be used with conventional ATMs. However, if ATMs are capable of receiving alpha numeric codes via keypads or if the PIN is to be entered on the mobile financial transaction instrument 100 and then transferred to the ATM, then the PIN may be alpha numeric. ATM 70 transmits a validation request to financial institution 20 at block 466. The validation request message is transmitted via a closed network connection and includes the ATM-generated PIN. The validation request message may also include a copy of the AA transaction key received from mobile financial transaction instrument 100.
ATM 70 may query the AA Registry for the contact information of FI 20 based on the AA transaction key. For example, ATM 70 may forward the first several characters of the AA transaction key to the AA Registry, which then uses the received characters to identify the financial institution that generated the AA transaction key and the contact information (e.g., IP address) for the financial institution. In some embodiments, ATM 70 may have the appropriate contact information for the financial transaction locally stored in a non-volatile computer readable storage medium.
ATM 70 receives a message from FI 20 authorizing the disbursement of funds at block 468. The message received from FI 20 authorizing the disbursement may be received over the same closed network connection between ATM 70 and FI 20 that was used to transmit the authorization request from ATM 70 to FI 20. At block 470, ATM 70 receives the ATM-generated PIN. In some embodiments, the ATM-generated PIN is received from mobile financial transaction instrument 100 via NFC, Bluetooth, or in accordance with another wireless connection protocol. In some embodiments, ATM 70 receives the ATM-generated PIN by the transferee entering the PIN using an input device 128 of the ATM in response to being prompted by ATM 70. For example, ATM 70 may display a message on display 106 of ATM 70 requesting the transferee to enter the ATM-generated PIN using input device 128 of ATM 70.
At decision block 472, ATM 70 determines if the PIN received from transferee matches the ATM-generated PIN that ATM 70 transmitted to FI 20. If the received PIN does not match the ATM generated PIN, which may be stored in a computer readable storage medium, such as main memory 108 and/or secondary memory 110, then ATM 70 declines the transaction at block 474. ATM 70 may display a message on display 106 that the transaction has been declined when declining the transaction. At block 476, ATM 70 transmits a message to FI 20 identifying that the transaction was declined and the funds were not disbursed due to the PIN received by ATM 70 not matching the stored ATM-generated PIN.
If ATM 70 determines that the received PIN matches the stored version of the ATM-generated PIN at decision block 472, then ATM 70 approves the transaction at block 478. At block 480, ATM 70 disburses the funds to the transferee to complete the fund transfer.
In addition to the financial transaction described above, mobile financial transaction instrument 100 may also be used to perform near-instant transactions at an ATM. As shown in FIG. 5A, a user logs into a website of FI 20 using a computer 34, 54, a mobile financial transaction instrument 100, or any other device programmed with a Web browser or other software to locate and select (such as by clicking with a mouse) a particular webpage. In some embodiments, the user may access a website of the FI 20 via a mobile application that has been downloaded and installed on mobile financial transaction instrument 100. Mobile financial transaction instrument 100 or computer 54 establishes a connection with server 36 on which the FI's website resides using HTTPS or other encrypted communication protocol.
The FI's website authenticates the user based on data received from mobile financial transaction instrument 100 or computers 34, 54. Such data may include a customer number or user name and password that the user inputs into a GUI 28 displayed on display 106 using an input device 128 as will be understood by those skilled in the art.
Once the customer number or user name and password are authenticated by FI 20, a message is transmitted via HTTPS or other encryption communication protocol to mobile financial transaction instrument 100 or computer 34, 54. The message may be displayed in a GUI 28 that on display 106 of input device 128 or computer 54 that provides a user with one or more editable fields or input buttons. For example, the GUI displayed to the user may enable the user to identify various parameters concerning an upcoming financial transaction that is to take place at an ATM 70. Examples of such data that a user may enter may include, but not be limited to, the type of transaction (e.g., a withdrawal, a deposit, and/or a fund transfer), a location of the ATM, a period of time during which the ATM transaction is to be executed (e.g., next twenty minutes, next four hours, the next day, etc.), an account of the user from which funds are to be withdrawn or into which they are to be deposited, and an amount of the transaction, to name a few potential parameters.
Once the user has entered the parameters for the ATM transaction, the data entered by the user is transmitted to FI 20. FI 20 receives the parameters of the ATM transaction from the mobile financial transaction instrument 100 or computer 34, 54 and prepares a unique AA transaction key for the transaction. As described above, the single-use AA transaction key may be an alpha numeric string in which the first several digits may be used to identify the financial institution that generated the transaction key and the remainder of the transaction key may be a random string that does not include any personal account identification information. In some embodiments, some financial institutions may generate AA transaction keys that have one or more portions include data that either identifies or is based on a user's account with the institution. As described above, some financial institutions may include the identification data after the prefix, some financial institutions may include the identification data at the end or in the middle of the alpha-numeric string, and some financial institutions may intersperse the identification data at certain locations throughout the alpha-numeric string. A copy of the unique transaction key may be locally or remotely stored by FI 20 in a data storage unit 26 for later use as described below.
FI 20 forwards a copy of the AA transaction key to mobile financial transaction instrument 100 where it is stored in a computer readable storage medium, such as main memory 108 and/or secondary memory 110. The unique AA transaction key is transmitted to mobile financial transaction instrument 100 associated with the user's account at the FI 20 even if the user sets up the financial transaction from computer 34, 54. Mobile financial transaction instrument 100 transmits a message to FI 20 once the unique AA transaction key for the ATM transaction has been stored by mobile financial transaction instrument 100 at which point the ATM transaction is pending. Depending on the type of ATM transaction, FI 20 may move funds the user has identified for withdrawal or transfer from the account identified by the user to a holding account where the funds remain until the transaction is completed.
At some time after the ATM transaction has been setup, a user approaches an ATM 70 that is configured to perform contactless transactions by sending and receiving data using NFC, Bluetooth, or through other wireless communication protocols. The user places mobile financial transaction instrument 100 near ATM 70, which transfers the stored single-use AA transaction key from mobile financial transaction instrument 100 to ATM 70.
ATM 70 receives the AA transaction key from mobile financial transaction instrument 100 and extracts the first several characters of the AA transaction key that are used to identify the financial institution that generated the AA transaction key. The characters extracted from the AA transaction key are sent to the AA Registry to identify the financial institution to which the AA transaction key is to be routed. The AA Registry uses the received characters to identify the financial institution that generated the AA transaction key and the contact information (e.g., IP address) for the financial institution. In some embodiments, ATM 70 may have the appropriate contact information for the financial transaction locally stored in a non-volatile computer readable storage medium and thus do not transfer and receive data with the AA Registry.
ATM 70 transmits a message including the AA transaction key received from mobile financial transaction instrument 100 to FI 20 via a closed network connection. FI 20 receives the message from ATM 70 and validates the AA transaction key and the transaction. Validation of the AA transaction key may include extracting the AA transaction key from the message received from ATM 70 and comparing the received AA transaction key to the copy of the AA transaction key stored in data storage device 26. FI 20 may validate the transaction by checking to ensure that the ATM transaction is in accordance with the parameters defined by the user. For example, FI 20 may confirm that the transaction is being performed within the time frame authorized by the user and at a location that was authorized by the user, which may be determined by comparing data included in the message received from ATM 70 that was added by ATM 70 (e.g., an ATM identification number, time stamp, etc).
FI 20 transmits an authorization message to ATM 70 via the closed network connection through which FI 20 received the authorization request from ATM 70. Upon receiving the authorization message from FI 20, ATM 70 executes the transaction for the user. For example, if the transaction is a withdrawal, then ATM 70 disburses the money to the user as will be understood by those skilled in the art. The near-instant ATM transaction advantageously reduces the amount of time that a person needs to remain in front of an ATM thereby increasing the security and safety of performing ATM transactions.
FIG. 5B is a flow chart of the functions performed by mobile financial transaction instrument 100 during the improved ATM transaction illustrated in FIG. 5A. At block 502, mobile financial transaction instrument 100 establishes a connection with a website provided by FI 20. The connection may be established between mobile financial transaction instrument 100 and server 36 of FI 20 using HTTPS or another encrypted communication link. A user may access a customer portal 28 of FI 20 where the user inputs a username or customer ID along with a password. The access to the website may be provided through a browser on mobile financial transaction instrument 100 or through a mobile application that is downloaded and installed on mobile financial transaction instrument 100.
The user may use input device 128 to gain access to the appropriate GUI provided by the FI 20 for setting up a financial transaction. Mobile financial transaction instrument 100 receives the parameters of the ATM transaction input by user using input device 128 at block 504, which are forwarded from mobile financial transaction instrument 100 to FI 20 at block 506.
At block 508, mobile financial transaction instrument 100 receives an AA unique transaction key for the ATM transaction. Mobile financial transaction instrument 100 stores the unique AA transaction key in a computer readable storage medium at block 510. For example, mobile financial transaction instrument 100 may store the transaction key in main memory 108 and/or in secondary memory 110. Mobile financial transaction instrument 100 transmits a message to FI 20 confirming receipt of the transaction key at 512.
At block 514, mobile financial transaction instrument 100 transmits the stored AA transaction key to ATM 70. The transaction key may be wirelessly transmitted using NFC or other wireless communication method. Once the transaction is approved between ATM 70 and FI 20, the ATM 70 executes the transaction without further input from mobile financial transaction instrument 100.
The functions performed by the financial institution during the ATM transaction illustrated in FIG. 5A are shown in FIG. 5C, which is one example of a flow diagram of a method 520 performed by the financial institution. As shown in FIG. 5C, a connection is established with a mobile financial transaction instrument 100 or computer 34, 54 at block 522. The connection with mobile financial transaction instrument 100 or computer 34, 54 may be established using HTTPS or another encrypted communication link. At block 524, FI 20 authenticates the user by confirming that the username or customer number and password received from mobile financial transaction instrument 100 or computer 34, 54 correspond to a user account with the FI 20.
FI 20 receives data defining an ATM transaction from mobile financial transaction instrument 100 or computer 34, 54 at block 526. The data received from mobile financial transaction instrument 100 or computer 34, 54 may include a location of the ATM that will be used for the transaction, the type of transaction that will be performed at the ATM (e.g., withdrawal, deposit, etc.), an amount of the transaction, and a user account that is to be involved in the transaction. One skilled in the art will understand that the data received from mobile financial transaction instrument 100 or computer 34, 54 may include more or less data.
At block 528, FI 20 prepares a single-use AA transaction key for use in the ATM transaction. The single-use AA transaction key may be generated using a random string generator to create an alpha numeric string in which the first several digits may be used to identify the financial institution that generated the transaction key and the remainder of the transaction key may be a random string that does not include any personal account identification information. As described above, some financial institutions may generate AA transaction keys that have one or more portions include data that either identifies or is based on a user's account with the institution. For example, some financial institutions may include the identification data after the prefix, some financial institutions may include the identification data at the end or in the middle of the alpha-numeric string, and some financial institutions may intersperse the identification data at certain locations throughout the alpha-numeric string. The single-use AA transaction key is stored by FI 20 in a data storage unit 26 at block 530 for later use. In some embodiments, FI 20 may also store the parameters received from computer 34, 54 or mobile financial transaction instrument 100 defining the ATM transaction in one or more of data storage units 26 such that the parameters are associated with the single-use AA transaction key and/or an account of the user.
FI 20 transmits a copy of the single-use AA transaction key to mobile financial transaction instrument 100 at block 532. The AA transaction key is transmitted to mobile financial transaction instrument 100 even if a user provides FI 20 with the parameters of the financial transaction using computer 34, 54 since mobile financial transaction instrument 100 is used to carry out the financial transaction. At block 534, FI 20 transfers funds that are to be withdrawn to a wash account if the ATM transaction is a withdrawal.
FI 20 processes a validation request received from ATM 70 at block 536. The validation request includes a ATM-generated PIN and a copy of the AA transaction key, which is used by FI 20 to approve or decline the ATM transaction at block 538. For example, if the validation request received from ATM 70 does not include a single-use AA transaction key that matches a copy of an AA transaction key stored in one or more data storage devices 26, then FI 20 declines the transaction at block 540 and transmits a transaction declined message to mobile financial transaction instrument 100 and/or ATM 70 at block 542. In some embodiments, FI 20 may decline the transaction if the AA transaction key is received after the expiration of the authorized time period for the ATM transaction as defined by the user. FI 20 may compare a time stamp included in the authorization request message received from ATM 70 to a time value stored in a data storage device 26 to determine if the transaction is taking place within the authorized time period. FI 20 may transfer the user's funds from the temporary wash account to the account from which the funds were deducted in the event that the transaction is declined.
If FI 20 determines the transaction should be approved at block 540, then the transaction is approved at block 544. At block 546, FI 20 transmits a transaction confirmation message to ATM 70. FI 20 transmits the ATM-generated PIN to mobile financial transaction instrument 100 at block 548.
FIG. 5D illustrates one example of a method 560 performed by ATM 70 during an ATM transaction in accordance with FIG. 5A. Method 560 begins with ATM 70 receiving a single-use transaction key from mobile financial transaction instrument 100. The transaction key may be received from mobile financial transaction instrument 100 using NFC, Bluetooth, or other wireless transmission protocol when the mobile financial transaction instrument 100 is positioned near ATM 70.
ATM 70 generates a PIN at block 564. The PIN may be generated by a random number generator as will be understood by one skilled in the art. In some embodiments, the PIN is a random number string of approximately four to ten digits. However, one skilled in the art will understand that the PIN may include fewer or more numbers.
ATM 70 may extract the first several characters of the AA transaction key that are used to identify the financial institution that generated the AA transaction key and forward the extracted characters to the AA Registry to identify the financial institution to which the AA transaction key is to be routed. The AA Registry uses the received characters to identify the financial institution that generated the AA transaction key and the contact information (e.g., IP address) for the financial institution. In some embodiments, ATM 70 may have the appropriate contact information for the financial transaction locally stored in a non-volatile computer readable storage medium and thus do not transfer and receive data with the AA Registry.
At block 566, ATM 70 transmits a validation request message to FI 20 over a closed network connection. The validation request message includes the AA transaction key and the PIN generated by ATM 70. In some embodiments, the validation request message may also include additional data added by ATM 70 including, but not limited to, a time stamp, an ATM identifier, or the like.
At decision block 568, ATM 70 received a transaction authorization message from FI 20 and determines if the transaction has been authorized by FI 20. If ATM 70 determines that the transaction has been declined by FI 20, then ATM 70 declines the transaction at block 570. For example, ATM 70 may display a message to the user on display 106 identifying that the transaction has been declined.
If the authorization message received from FI 20 identifies that FI 20 has authorized the transaction, then ATM 70 determines if it has received the ATM-generated PIN from the user or mobile financial transaction instrument 100 at decision block 572. For example, a user may input a PIN using input device 128, which is analyzed by ATM 70 to determine if the input PIN matches a stored copy of the ATM-generated PIN. In some embodiments, ATM 70 may received a PIN from mobile financial transaction instrument 100 via a wireless communication connection, such as NFC, and compare the received PIN to a stored copy of the ATM-generated PIN to determine if the PINs match.
If the ATM-generated PIN has not been received or if a PIN received from a user or mobile financial transaction instrument 100 does not match the ATM-generated pin stored in a computer readable storage medium, then ATM 70 declines the transaction at block 574. Declining the transaction may include displaying a message to user on display 106 of ATM 70 or transmitting a message to mobile financial transaction instrument 100 via a wireless transmission protocol that causes a message to be displayed to the user on display 106 of mobile financial transaction instrument 100. ATM 70 may also transmit a message to FI 20 to notify FI 20 that the transaction has been declined by ATM 70.
If ATM 70 receives the ATM-generated PIN via input device 128 of ATM 70 or via a wireless communication connection with mobile financial transaction instrument 100, then ATM 70 completes the ATM transaction at block 576. For example, ATM 70 may dispense the funds to the user if the transaction is a withdrawal and may transmit a message to FI 20 identifying that the transaction has been completed.
The active authentication may also be used in connection with person-to-person (“P2P”) transaction, i.e., a transaction in which funds are transferred from one person's financial institution to the financial institution of another person. In some embodiments, the financial institutions of the person sending the funds (“transferor”) is different from the financial institution of the person receiving the funds (“transferee”). In some embodiments, the transferor and the transferee may have accounts with the same financial institution. FIGS. 6A and 6B illustrate the flow of data in a P2P transaction. Referring first to FIG. 6A, a transferor logs onto a website of a financial institution 20-1 at which the transferor has an account. The transferor may log onto the website of FI 20-1 using a browser on a computer 34, 54 or a browser or mobile application installed on a mobile financial transaction instrument 100-1.
Mobile financial transaction instrument 100-1 or computer 34, 54 establishes a connection with server 36 on which the FI's website resides using HTTPS or other encrypted communication protocol, and the financial institution's website may authenticate the transferor based on data received from mobile financial transaction instrument 100-1 or computers 34, 54. Such data may include a customer number or user name and password that the user inputs into a GUI 28 displayed on display 106 using an input device 128 as will be understood by those skilled in the art.
Once FI 20-1 authenticates the customer number or user name and associated password, the transferor is provided with a GUI 28 in which the parameters of a P2P transaction may be defined by the transferor. For example, the GUI displayed to the transferor may enable the transferor to identify the amount of the transfer, an account from which the funds are to be transferred, a phone number or other unique identifier of the mobile financial transaction instrument of the transferee (e.g., a MAC address, an IMSI, or ESN), an email address of the transferee, and a time period during which the fund transfer may be performed, to name a few possible data entries.
The transferor's FI 20-1 prepares a fund transfer based on the data provided by the transferor. The GUI 28 provided by FI 20-1 may request the transferor confirm the transaction by utilizing input device 128 of computer 34, 54 or financial transaction input device 100-1. FI 20-1 moves the funds identified by the transferor as being transferred into a wash account in response to the transaction being confirmed by the transferor. FI 20-1 also generates an AA transaction key and a PIN. The AA transaction key may include a plurality of alpha-numeric characters in which the first several alpha-numeric characters identify the financial institution that prepared the AA transaction key and the remaining characters are randomly generated. In some embodiments, the AA transaction key may include one or more portions that either identifies or is based on a user's account with the institution as described above. For example, some financial institutions may include the identification data after the prefix, some financial institutions may include the identification data at the end or in the middle of the alpha-numeric string, and some financial institutions may intersperse the identification data at certain locations throughout the alpha-numeric string. The AA transaction key and PIN are stored in a computer readable storage medium along with the parameters of the P2P transaction received from computer 34, 54 or mobile financial transaction instrument 100-1.
FI 20-1 transmits the PIN to the mobile financial transaction instrument 100-2 of the transferee. In some embodiments, the PIN is transmitted from FI 20-1 to mobile financial transaction instrument 100-2 via SMS, email, or another data transfer method. FI 20-1 also transmits the single-use AA transaction key to the computer 34, 54 or mobile financial transaction instrument 100-1 of the transferor. The AA transaction key may be transmitted via the HTTPS or otherwise encrypted connection between FI 20-1 and computer 34, 54, or mobile financial transaction instrument 100-1. At some time after the transferor has received the single-use AA transaction key from FI 20-1, the transferor transmits the AA transaction key from computer 34, 54 or mobile financial transaction instrument 100-1 to the mobile financial transaction instrument 100-2 of the transferee. In some embodiments, the AA transaction key is wirelessly transferred via NFC, Bluetooth, or other short range wireless protocol. In some embodiments, the transferor may transmit the AA transaction key via email, SMS message, or other data transfer method as will be understood by one skilled in the art.
The P2P transaction continues when the transferee forwards the PIN received from FI 20 of the transferor and the single-use transaction key received from the computer 34, 54 or mobile financial transaction instrument 100 of the transferor to the transferee's financial institution as illustrated in FIG. 6B. The PIN and AA transaction key may be transmitted to the financial institution of the transferee from the mobile financial transaction instrument 100 used by the transferee via an encrypted communication channel such as, for example, HTTPS or the like.
Upon receiving the PIN and AA transaction key from mobile financial transaction instrument 100-2, FI 20-2 may request routing information from the TA Registry. The communication between FI 20-2 and TA Registry may be via an HTTPS or otherwise encrypted communication channel. TA Registry provides FI 20-2 with the appropriate routing information based on the request received from FI 20-2, which may include some or all of the characters of the AA transaction key. In some embodiments, FI 20-2 may have the routing information for the transferor's financial institution locally saved in a non-transient computer readable storage medium from which FI 20-2 may retrieve the routing information.
FI 20-2 receives/retrieves the routing information and transmits the single-use transaction key and PIN, which were stored in data storage devices 26 of FI 20-2, to the transferor's financial institution 20-1. The transferor's financial institution 20-1 validates the single-use AA transaction key and PIN and releases the funds from the wash account. The funds may be transferred from FI 20-1 to FI 20-2 via ACH, account transfer, or other method of fund transfer between financial institutions or within a financial institution as will be understood by one skilled in the art.
Turning now to the flow chart in FIG. 6C that illustrates one example of the functions performed by computer 34, 54 or mobile financial transaction instrument 100-1 of the transferor during the P2P transaction illustrated in FIGS. 6A and 6B, computer 34, 54 or mobile financial transaction instrument 100-1 establishes a connection with FI 20-1 using an encrypted communication protocol such as HTTPS at block 602. The transferor may access a customer portal 28 of the transferor's financial institution's website where the transferor inputs a username or customer ID along with a password. The access to the website may be provided through a browser on computer 34, 54 or a mobile financial transaction instrument 100-1 or through a mobile application that is downloaded and installed on mobile financial transaction instrument 100-1.
The transferor may use input device 128 to gain access to the appropriate GUI provided by the FI 20 for setting up a financial transaction. Mobile financial transaction instrument 100-1 or computer 34, 54 receives the parameters of the P2P transaction input by the transferor using input device 128 at block 604, which are forwarded from mobile financial transaction instrument 100-1 or computer 34, 54 to the transferor's financial institution at block 606.
At block 608, mobile financial transaction instrument 100-1 or computer 34, 54 receives a unique AA transaction key for the P2P transaction. The unique AA transaction key may be stored in a non-transient computer readable storage medium by computer 34, 54 or mobile financial transaction instrument 100-1 at block 610 for later transfer to the mobile financial transaction instrument 100-2 of the transferee at block 612. The AA transaction key may be transferred from computer 34, 54 or mobile financial transaction instrument 100-1 via a wireless transfer, such as NFC or Bluetooth, or the transfer may be made using another transmission protocol as will be understood by one skilled in the art.
One example of the functions performed by the transferor's financial institution during the P2P transaction illustrated in FIGS. 6A and 6B is shown in FIG. 6D. At block 622, a connection is established with the transferor's mobile financial transaction instrument 100-1 or computer 34, 54. The connection with mobile financial transaction instrument 100-1 or computer 34, 54 may be established using HTTPS or another encrypted communication link. At block 624, FI 20-1 authenticates the user by confirming that the username or customer number and password received from the transferor's mobile financial transaction instrument 100- or computer 34, 54 correspond to the transferor's account with the financial institution.
FI 20-1 receives data defining a P2P transaction from mobile financial transaction instrument 100-1 or computer 34, 54 at block 626. The data received from mobile financial transaction instrument 100-1 or computer 34, 54 may include an amount of the transaction, an account of the transferor that is to be involved in the transaction, and information concerning the transferee including, but not limited to, a phone number or other unique identifier of the mobile financial transaction instrument of the transferee (e.g., MAC address, IMSI, ESN, etc.), an email address of the transferee, and a time period during which the fund transfer may be performed.
The transferor's financial institution 20-1 prepares a unique, single-use AA transaction key and a PIN at block 628. The single-use AA transaction key may be a random alpha-numeric key including one or more values that identify the financial institution that prepared the key. In some embodiments, the AA transaction key may include one or more portions that either identifies or is based on a user's account with the institution as described above. For example, some financial institutions may include the identification data after the prefix, some financial institutions may include the identification data at the end or in the middle of the alpha-numeric string, and some financial institutions may intersperse the identification data at certain locations throughout the alpha-numeric string. At block 630, the PIN and AA transaction key are stored in one or more data storage devices 26 for later use. The transferor's financial institution 20-1 may also store the parameters of the P2P transaction in one or more data storage devices 26 such that the P2P transaction parameters are associated with the PIN and AA transaction key.
At block 632, the AA transaction key is transmitted to the computer 34, 54 or mobile financial transaction instrument 100-1 of the transferor. The single-use AA transaction key may be transmitted to computer 34, 54 of mobile financial transaction instrument 100-1 via a secure internet connection using HTTPS or other encrypted communication channel. The transferor's financial institution 20-1 transmits a PIN to the financial transaction device 100-2 of the transferee at block 634.
At block 636, the transferor's financial institution receives the AA transaction key and PIN number from the transferee's financial institution. The AA transaction key and PIN may be received via an encrypted connection between the financial institutions. The transferor's financial institution determines if the transaction should be approved at decision block 638. Determining if the P2P transaction should be approved may include comparing the AA transaction key and PIN received from the transferee's financial institution to copies of the AA transaction key and PIN stored in one or more of the non-transient data storage devices 26.
If the P2P transaction is declined at block 640, e.g., the AA transaction key and PIN are not valid or have expired, then the transferor's financial institution 20-1 may transmit a transaction declined message to the transferee's financial institution 20-2 at block 642. The transferor's financial institution may also transfer the funds from the wash account back into the transferor's account from which the funds were originally deducted.
If the P2P transaction is approved at block 644, then the transferor's financial institution 20-1 releases the funds from the wash account such that they may be deposited in the account of the transferee at the transferee's financial institution at block 646. At block 648, the transferor's FI 20-1 sends a message to the financial institution of the transferee notifying FI 20-2 that the P2P transaction has been confirmed and the funds are available for transfer. The transfer of funds may be performed using ACH, account transfer, or other form of fund transfer from the transferor's financial institution to the financial institution of the transferee, which may be the same financial institution or different financial institutions as described above.
One example of the functions performed by the mobile financial transaction instrument 100 of the transferee during the P2P transaction illustrated in FIGS. 6A and 6B are set forth in the flow diagram of FIG. 6E. At block 662, the transferee logs onto a website of the transferee's financial institution 20-2 using a browser or mobile application installed on the transferee's mobile financial transaction instrument 100-2. The connection established between mobile financial transaction instrument 100-2 and FI 20-2 may be an encrypted connection using HTTPS or other encryption technique. The mobile financial transaction instrument 100-2 receives an input from transferee at block 664, which results in mobile financial transaction instrument 100-2 being placed in a receive mode. When placed in the receive mode, the mobile financial transaction instrument 100 monitors its wireless transmission interface for a message to be received via a wireless communication protocol such as NFC, Bluetooth, or the like.
At block 666, mobile financial transaction instrument 100-2 receives the PIN from the transferor's FI 20-2. The PIN may be received via SMS, email, or by way of another messaging methodology. Mobile financial transaction instrument 100-2 receives the single-use AA transaction key from the transferor's mobile financial transaction instrument 100-1 at block 668. In some embodiments, the AA transaction key is received from the transferor's financial transaction key 100-1 via NFC, Bluetooth, or other wireless transmission protocol.
The AA transaction key and PIN may be temporarily stored in a non-transient computer readable storage medium, such as main memory 108 and/or secondary memory 110, of mobile financial transaction instrument 100-2 at block 670. At block 672, mobile financial transaction instrument 100-2 transmits the transaction key and PIN to the financial institution of the transferee. The AA transaction key and PIN may be transmitted via a secure connection between mobile financial transaction instrument 100-2 and FI 20-2. For example, the transaction key and PIN may be transmitted using HTTPS or other encrypted communication channel.
At block 674, mobile financial transaction instrument 100-2 receives a message from the transferee's financial institution identifying if the fund transfer was successful. The message received from transferee's FI 20-2 may be displayed to the transferee on display 106 of mobile financial transaction instrument 100-2 as will be understood by one skilled in the art.
A flow chart demonstrating one example of the functions performed by the transferee's financial institution during a P2P transaction in accordance with the one illustrated in FIGS. 6A and 6B is provided in FIG. 6F. A connection is established between transferee's FI 20-2 and the transferee's mobile financial transaction instrument 100-2 at block 682 when the transferee logs onto a website of the transferee's financial institution 20-2 using a browser or mobile application installed on the transferee's mobile financial transaction instrument 100-2. Data is exchanged between FI 20-2 and mobile financial transaction instrument 100-1 via an encrypted connection using HTTPS or other encryption technique.
At block 684, an AA transaction key and PIN are received from the transferee's mobile financial transaction instrument 100-2. The AA transaction key and PIN are received over the encrypted connection between FI 20-2 and mobile financial transaction instrument 100-2. FI 20-2 extracts the AA transaction key and PIN from the message received from mobile financial transaction instrument 100-1 and uses at least some of the received AA transaction key to request routing information from the AA Registry or to retrieve routing information from a non-transient data storage device in order to transmit the transaction key and PIN to the transferor's FI 20-1. For example, FI 20-2 may bifurcate the transaction key such that the first several characters are used for determining the routing information and the remainder of the transaction key is stored in a non-volatile computer readable storage medium.
The characters used for identifying the financial institution that issued the AA transaction key are transmitted to the AA Registry in a message requesting the appropriate routing information for routing the transaction key or is retrieved from the computer readable storage medium at block 686. At block 688, the transferee's financial institution transmits the AA transaction key and PIN to the transferor's financial institution using the routing information received from the AA Registry or retrieved from the storage medium.
A message is received from the transferor's financial institution 20-1 identifying if the transaction has been approved or declined at block 690. The message received from the transferor's financial institution may be received via the same connection as the authorization request message transmitted to FI 20-1 at block 688. The transferee's financial institution transmits a message to the mobile financial transaction instrument 100-2 of the transferee indentifying if the transaction has been approved or declined at block 692.
If the transaction is approved by the transferor's financial institution, then transferee's financial institution receives the funds from the transferor's financial institution at block 694. The funds may be received via ACH, account transfer, or other form of fund transfer from the transferor's financial institution to the financial institution of the transferee, which may be the same financial institution or different financial institutions as described above.
The disclosed systems and methods described herein advantageously enable financial transactions to be implemented using unique, single-use AA transaction keys that limit the risk of misappropriation and fraud since the transaction keys do not include static user account information. Consequently, the transmission of data during the financial transaction does not require high-level encryption as the transmitted messages of the transaction do not include personal account information that can be misappropriated and used at a later time for fraudulent transactions. In addition to being used at online and brick-and-mortar merchants, the transaction keys may be used at ATMs as well as for P2P and money wiring transactions.
Although the systems and methods have been described in terms of exemplary embodiments, they are not limited thereto. Rather, the appended claims should be construed broadly, to include other variants and embodiments of the systems and methods, which may be made by those skilled in the art without departing from the scope and range of equivalents of the systems and methods.

Claims (18)

What is claimed is:
1. A financial transaction method, comprising:
receiving, by a computer processor, a request from a user device of a user to perform a financial transaction at a financial institution;
generating, by the computer processor, a first personal identification number (PIN) and a randomly generated single-use transaction key, the randomly generated single-use transaction key comprising an alpha-numeric string that is valid for a limited period of time and lacking a static identifier associated with an account of the user at the financial institution, wherein the first PIN and the single-use transaction key are different;
storing, by the computer processor, at least a first portion of the single-use transaction key in non-transient computer-readable storage medium associated with the computer processor and the first PIN;
transmitting, using the computer processor, the first PIN to the user device that requested the financial transaction;
establishing, by the computer processor, a secure connection with the user device;
receiving, by the computer processor, a first PIN attempt from the user device;
validating, by the computer processor, the first PIN attempt responsive to the first PIN attempt matching the first PIN;
responsive to validating the first PIN, transmitting the single-use transaction key to the user device;
receiving, by the computer processor, an authorization request to conduct a withdrawal from an automated teller machine (ATM), the authorization request comprising at least a portion of the single-use transaction key;
determining whether the received portion of the single-use transaction key matches the stored first portion of the single-use transaction key and the received portion is received before the limited period of time has expired;
responsive to determining the stored and received portions of the single-use transaction key do not match, or that the received portion was not received before the limited period of time has expired:
declining, by the computer processor, the financial transaction; and
transmitting, by the computer processor, a message to the user device identifying the declined financial transaction;
responsive to determining the stored and received portions of the single-use transaction key match, and that the received portion was received before the limited period of time has expired:
transmitting, by the computer processor, an authorized transaction amount to the user device as a transaction validation request;
receiving, at the computer processor, a transaction validation from the user; and
responsive to receiving the transaction validation from the user, transmitting, by the computer processor, an authorization message to the ATM;
generating, by the ATM, an ATM PIN;
receiving, by the ATM and from the user device, an ATM PIN attempt;
determining that the ATM PIN attempt matches the ATM PIN by comparing the ATM PIN attempt to the ATM PIN; and
responsive to determining that the ATM PIN attempt matches the ATM PIN, completing the financial transaction by dispensing, by the ATM, funds.
2. The financial transaction method of claim 1, further comprising:
establishing, by the computer processor and using Hypertext Transfer Protocol Secure (HTTPS), an encrypted connection with the user device;
receiving, by the computer processor and via the encrypted connection, a username and password; and
authenticating, by the computer processor, the received username and password, and
wherein the request is received via the encrypted connection and from a mobile financial transaction instrument of the user including at least one of a computer or a wireless device.
3. The financial transaction method of claim 1, wherein the authorization request lacks the static identifier.
4. The financial transaction method of claim 1, further comprising:
responsive to determining a received second portion of the single-use transaction key does not match the stored first portion of the single-use transaction key or a transaction validation is denied by the user, transmitting, by the computer processor, a message to the ATM declining the financial transaction.
5. The financial transaction method of claim 1, wherein the stored first portion of the single-use transaction key comprises an alpha-numeric string and a remaining portion of the single-use transaction key comprises one or more characters associated with the financial institution.
6. The financial transaction method of claim 5,
wherein the received portion of the single-use transaction key includes the alpha-numeric string.
7. A financial transaction system, comprising:
an automated teller machine (ATM);
one or more processors; and
memory in communication with the one or more processors and storing instructions that, when executed by the one or more processors, cause the system to:
receive a request to perform a financial transaction from a user device associated with a user having an account with a financial institution;
generate, responsive to receiving the request, a first personal identification number (PIN) and a single-use transaction key that comprises an alpha-numeric string that is valid for a limited period of time and lacking a static identifier, wherein the first PIN and the single-use transaction key are different;
store at least a portion of the single-use transaction key and the first PIN in the memory;
transmit the first PIN to a user device associated with the user;
establish a secure connection with the user device;
receive a first PIN attempt from the user device;
determine whether the first PIN attempt matches the first PIN by comparing the first PIN attempt to the first PIN;
responsive to determining the first PIN attempt does not match the first PIN, or that the limited period of time has expired:
decline the financial transaction; and
transmit a message to the user device identifying the declined financial transaction;
responsive to determining the first PIN attempt matches the first PIN:
transmit the single-use transaction key to the user device;
receive an authorization request to conduct a withdrawal from the ATM, the authorization request comprising at least a portion of the single-use transaction key;
determine whether the received portion of the single-use transaction key matches the stored portion of the single-use transaction key and the received portion is received before the limited period of time has expired;
responsive to determining the received and stored portions of the single-use transaction key match, and that the received portion is received before the limited period of time has expired, transmit an authorization message to the ATM causing the ATM to:
generate an ATM PIN;
receive an ATM PIN attempt from the user device;
determine that the ATM PIN attempt matches the ATM PIN by comparing the ATM PIN attempt to the ATM PIN; and
responsive to determining that the ATM PIN attempt matches the ATM PIN, complete the financial transaction by dispensing funds.
8. The financial transaction system of claim 7, wherein the instructions, when executed by the one or more processors, further cause the system to:
establish, using Hypertext Transfer Protocol Secure (HTTPS), an encrypted connection with the user device;
receive, via the encrypted connection, a username and password;
authenticate the received username and password; and
responsive to the received portion of the single-use transaction key matching the stored portion of the single-use transaction key, transfer funds from the account of the user at the financial institution from the ATM, wherein the request is received via the encrypted connection.
9. The financial transaction system of claim 7, wherein the stored portion of the single-use transaction key is randomly generated by the one or more processors and a remaining portion of the single-use transaction key comprises one or more characters associated with the financial institution.
10. A non-transient machine-readable storage medium encoded with program code, wherein when the program code is executed by a processor, the processor performs a method comprising the steps of:
receiving, from a user device of a user, a request to perform a financial transaction, the user having an account at a financial institution;
responsive to the request, randomly generating a first personal identification number (PIN) and a single-use transaction key, the single-use transaction key comprising an alpha-numeric string, valid for a limited period of time, and lacking a static identifier associated with the account of the user at the financial institution, wherein the first PIN and the single-use transaction key are different;
transmitting the first PIN to the user device;
establishing a secure connection with the user device;
receiving a first PIN attempt from the user device;
determining that the first PIN attempt matches the first PIN by comparing the first PIN attempt to the first PIN;
responsive to determining the first PIN attempt does not match the first PIN, or that the limited period of time has expired:
declining the financial transaction; and
transmitting a message to the user device identifying the declined financial transaction;
responsive to determining the first PIN attempt matches the first PIN:
transmitting the single-use transaction key to the user device;
receiving an authorization request to conduct a withdrawal from an automated teller machine (ATM), the authorization request comprising at least a portion of the single-use transaction key; and
causing the ATM to dispense funds to complete the financial transaction by determining the received portion of the single-use transaction key matches the single-use transaction key and the received portion is received before the limited period of time has expired.
11. The non-transient machine-readable storage medium of claim 10, wherein the method further comprising the step of:
responsive to determining the received portion of the single-use transaction key matches the single-use transaction key, transferring funds from the account of the user at the financial institution from the ATM.
12. The non-transient machine-readable storage medium of claim 10, wherein the single-use transaction key includes an alpha-numeric string and a remaining portion of the single-use transaction key includes characters associated with the financial institution, and
wherein the received portion of the single-use transaction key includes the alpha-numeric string.
13. The non-transient machine-readable storage medium of claim 10, wherein the method further comprising the steps of:
establishing an encrypted connection with the user device using Hypertext Transfer Protocol Secure (HTTPS);
receiving, via the encrypted connection, a username and password; and
authenticating the received username and password, and
wherein the request to perform the financial transaction is received via the encrypted connection.
14. The financial transaction method of claim 1 further comprising:
receiving, by the computer processor, financial transaction parameters from the user at the financial institution; and,
storing, by the computer processor, the financial transaction parameters with the stored first portion of the single-use transaction key in the non-transient computer-readable storage medium.
15. The financial transaction method of claim 14 further comprising:
comparing, by the computer processor, received financial transaction data with the stored financial transaction parameters; and
responsive to determining the received portion of the single-use transaction key does not match the stored first portion of the single-use transaction key, transmitting the authorization message to the ATM.
16. The financial transaction method of claim 15 further comprising:
responsive to determining the received portion of the single-use transaction key does not match the stored first portion of the single-use transaction key, transmitting, by the computer processor, a message to the ATM declining the financial transaction.
17. The non-transient machine-readable storage medium of claim 12, wherein the alpha-numeric string is randomly generated.
18. The financial transaction method of claim 1, further comprising:
receiving, from an automated teller machine (ATM), a third portion of the single-use transaction key; and
authorizing a funds withdrawal at the ATM when the received third portion of the single-use transaction key matches the stored first portion of the single-use transaction key.
US13/085,754 2011-03-15 2011-04-13 Systems and methods for performing financial transactions using active authentication Active 2033-02-22 US11514451B2 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
US13/085,754 US11514451B2 (en) 2011-03-15 2011-04-13 Systems and methods for performing financial transactions using active authentication
US14/577,716 US10108959B2 (en) 2011-03-15 2014-12-19 Systems and methods for performing ATM fund transfer using active authentication
US16/145,929 US11042877B2 (en) 2011-03-15 2018-09-28 Systems and methods for performing ATM fund transfer using active authentication
US17/352,831 US11836724B2 (en) 2011-03-15 2021-06-21 Systems and methods for performing ATM fund transfer using active authentication
US17/980,106 US20230059316A1 (en) 2011-03-15 2022-11-03 Systems and methods for performing financial transactions using active authentication

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201161452880P 2011-03-15 2011-03-15
US13/085,754 US11514451B2 (en) 2011-03-15 2011-04-13 Systems and methods for performing financial transactions using active authentication

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US13/101,759 Continuation US10089612B2 (en) 2011-03-15 2011-05-05 Systems and methods for performing ATM fund transfer using active authentication

Related Child Applications (3)

Application Number Title Priority Date Filing Date
US13/101,759 Continuation US10089612B2 (en) 2011-03-15 2011-05-05 Systems and methods for performing ATM fund transfer using active authentication
US14/577,716 Continuation US10108959B2 (en) 2011-03-15 2014-12-19 Systems and methods for performing ATM fund transfer using active authentication
US17/980,106 Continuation US20230059316A1 (en) 2011-03-15 2022-11-03 Systems and methods for performing financial transactions using active authentication

Publications (2)

Publication Number Publication Date
US20120239572A1 US20120239572A1 (en) 2012-09-20
US11514451B2 true US11514451B2 (en) 2022-11-29

Family

ID=46829258

Family Applications (5)

Application Number Title Priority Date Filing Date
US13/085,754 Active 2033-02-22 US11514451B2 (en) 2011-03-15 2011-04-13 Systems and methods for performing financial transactions using active authentication
US14/577,716 Active 2033-11-11 US10108959B2 (en) 2011-03-15 2014-12-19 Systems and methods for performing ATM fund transfer using active authentication
US16/145,929 Active 2032-01-15 US11042877B2 (en) 2011-03-15 2018-09-28 Systems and methods for performing ATM fund transfer using active authentication
US17/352,831 Active 2031-08-08 US11836724B2 (en) 2011-03-15 2021-06-21 Systems and methods for performing ATM fund transfer using active authentication
US17/980,106 Pending US20230059316A1 (en) 2011-03-15 2022-11-03 Systems and methods for performing financial transactions using active authentication

Family Applications After (4)

Application Number Title Priority Date Filing Date
US14/577,716 Active 2033-11-11 US10108959B2 (en) 2011-03-15 2014-12-19 Systems and methods for performing ATM fund transfer using active authentication
US16/145,929 Active 2032-01-15 US11042877B2 (en) 2011-03-15 2018-09-28 Systems and methods for performing ATM fund transfer using active authentication
US17/352,831 Active 2031-08-08 US11836724B2 (en) 2011-03-15 2021-06-21 Systems and methods for performing ATM fund transfer using active authentication
US17/980,106 Pending US20230059316A1 (en) 2011-03-15 2022-11-03 Systems and methods for performing financial transactions using active authentication

Country Status (1)

Country Link
US (5) US11514451B2 (en)

Families Citing this family (45)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8868463B2 (en) * 2007-06-08 2014-10-21 At&T Intellectual Property I, L.P. System and method of managing digital rights
WO2012106757A1 (en) * 2011-02-07 2012-08-16 David Ball A smart card with verification means
US11514451B2 (en) 2011-03-15 2022-11-29 Capital One Services, Llc Systems and methods for performing financial transactions using active authentication
US10089612B2 (en) * 2011-03-15 2018-10-02 Capital One Services, Llc Systems and methods for performing ATM fund transfer using active authentication
US10453062B2 (en) * 2011-03-15 2019-10-22 Capital One Services, Llc Systems and methods for performing person-to-person transactions using active authentication
US10395223B2 (en) 2012-03-07 2019-08-27 Early Warning Services, Llc System and method for transferring funds
US11593800B2 (en) 2012-03-07 2023-02-28 Early Warning Services, Llc System and method for transferring funds
CN103379491A (en) * 2012-04-12 2013-10-30 中兴通讯股份有限公司 User terminal, cipher transaction terminal, system and method used for cipher verification
US9354837B2 (en) 2012-07-06 2016-05-31 Marvell World Trade Ltd. Methods and apparatus for interfacing a host device to a peripheral device in order to increase consumption of consumable products by the peripheral device
CA2854150C (en) 2013-06-10 2024-02-06 The Toronto Dominion Bank High fraud risk transaction authorization
DE102013019870B4 (en) * 2013-11-28 2019-08-08 Friedrich Kisters Authentication and / or identification method in a communication network
US9721248B2 (en) * 2014-03-04 2017-08-01 Bank Of America Corporation ATM token cash withdrawal
US9830597B2 (en) 2014-03-04 2017-11-28 Bank Of America Corporation Formation and funding of a shared token
US10592900B2 (en) 2014-06-13 2020-03-17 Sungard Avantgard Llc Systems and methods for authenticating and providing payment to a supplier
GB2530258A (en) * 2014-09-15 2016-03-23 Mastercard International Inc Authentication of communications
US9367845B2 (en) 2014-09-23 2016-06-14 Sony Corporation Messaging customer mobile device when electronic bank card used
US9953323B2 (en) 2014-09-23 2018-04-24 Sony Corporation Limiting e-card transactions based on lack of proximity to associated CE device
US9317847B2 (en) 2014-09-23 2016-04-19 Sony Corporation E-card transaction authorization based on geographic location
US9558488B2 (en) 2014-09-23 2017-01-31 Sony Corporation Customer's CE device interrogating customer's e-card for transaction information
US9378502B2 (en) * 2014-09-23 2016-06-28 Sony Corporation Using biometrics to recover password in customer mobile device
US9355424B2 (en) 2014-09-23 2016-05-31 Sony Corporation Analyzing hack attempts of E-cards
US10262316B2 (en) 2014-09-23 2019-04-16 Sony Corporation Automatic notification of transaction by bank card to customer device
US9292875B1 (en) 2014-09-23 2016-03-22 Sony Corporation Using CE device record of E-card transactions to reconcile bank record
US9646307B2 (en) 2014-09-23 2017-05-09 Sony Corporation Receiving fingerprints through touch screen of CE device
GB2534116A (en) * 2014-11-03 2016-07-20 Trurating Ltd PIN entry device
DE102015006751A1 (en) * 2015-05-26 2016-12-01 Giesecke & Devrient Gmbh Method for providing a personal identification code of a security module
US11386410B2 (en) 2015-07-21 2022-07-12 Early Warning Services, Llc Secure transactions with offline device
KR101715504B1 (en) * 2015-09-16 2017-03-14 성균관대학교산학협력단 Authentication method for otp using color code and authentication server for otp using color code
US10535047B1 (en) * 2015-11-19 2020-01-14 Wells Fargo Bank N.A. Systems and methods for financial operations performed at a contactless ATM
US10706400B1 (en) * 2015-11-19 2020-07-07 Wells Fargo Bank, N.A. Systems and methods for financial operations performed at a contactless ATM
US11341495B2 (en) * 2016-02-29 2022-05-24 Paypal, Inc. Electronic method for instantly creating an account with a service provider during point of sale
US10460367B2 (en) 2016-04-29 2019-10-29 Bank Of America Corporation System for user authentication based on linking a randomly generated number to the user and a physical item
US10268635B2 (en) 2016-06-17 2019-04-23 Bank Of America Corporation System for data rotation through tokenization
US11042852B1 (en) * 2017-06-23 2021-06-22 Wells Fargo Bank, N.A. Sender authenticated remittance via an automatic teller machine
US10498705B2 (en) 2017-11-15 2019-12-03 Visa International Service Association Dynamic offline encryption
US11461746B1 (en) * 2017-12-15 2022-10-04 Sprint Communications Company L.P. Block chain recordation of in-kind payments
US10474986B1 (en) 2018-04-25 2019-11-12 Capital One Services, Llc Facilitating delivery of a product
EP3815017A1 (en) * 2018-06-29 2021-05-05 Diebold Nixdorf Incorporated System for inputting a pin block to a network
US10607456B1 (en) * 2019-05-17 2020-03-31 Capital One Services, Llc Network-tetherable automated teller machine
US20210142328A1 (en) * 2019-11-13 2021-05-13 Early Warning Services, Llc System and method for preventing fraud in real-time payment transactions
US11349833B2 (en) 2020-03-21 2022-05-31 Kyndryl, Inc. Multi-factor authentication utilizing device pairing
US11145170B1 (en) 2020-05-27 2021-10-12 Bank Of America Corporation Automatic teller machine with pre-registration
US11544683B2 (en) 2020-10-26 2023-01-03 Visa International Service Association System, method, and computer program product for a contactless ATM experience
WO2022190093A1 (en) * 2021-03-08 2022-09-15 Asher Yahalom Systems and methods for generating a dynamic cvv and/or pin
US11935055B2 (en) 2021-03-22 2024-03-19 Bank Of America Corporation Wired multi-factor authentication for ATMs using an authentication media

Citations (62)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5053957A (en) * 1987-10-23 1991-10-01 Omron Tateisi Electronics Co. Electronic cash register having discount prices selected by customer level
US5206905A (en) * 1989-05-15 1993-04-27 Dallas Semiconductor Corp. Password protected device using incorrect passwords as seed values for pseudo-random number generator for outputting random data to thwart unauthorized accesses
US6016476A (en) * 1997-08-11 2000-01-18 International Business Machines Corporation Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security
US20030014633A1 (en) * 2001-07-12 2003-01-16 Gruber Thomas Robert Method and system for secure, authorized e-mail based transactions
US20030028481A1 (en) 1998-03-25 2003-02-06 Orbis Patents, Ltd. Credit card system and method
US20030115146A1 (en) * 2001-08-27 2003-06-19 Dataplay, Inc. System and method for detecting unauthorized copying of encrypted data
US20030115147A1 (en) * 2001-08-27 2003-06-19 Feldman Timothy R. Secure access method and system
US20030149662A1 (en) 2000-02-10 2003-08-07 Jon Shore Apparatus, systems and methods for wirelessly transacting financial transfers , electronically recordable authorization transfers, and other information transfers
US20030172272A1 (en) * 2000-05-24 2003-09-11 Ehlers Gavin Walter Authentication system and method
US20030177361A1 (en) * 2000-08-04 2003-09-18 Wheeler Lynn Henry Method and system for using electronic communications for an electronic contract
US20040059952A1 (en) * 2000-12-14 2004-03-25 Peter Newport Authentication system
US20040143633A1 (en) * 2003-01-18 2004-07-22 International Business Machines Corporation Instant messaging system with privacy codes
US20050043011A1 (en) * 1999-09-20 2005-02-24 Numerex Corp. Method and system for refining vending operations based on wireless data
US20050077349A1 (en) * 2000-03-07 2005-04-14 American Express Travel Related Services Company, Inc. Method and system for facilitating a transaction using a transponder
US20050155060A1 (en) * 2004-01-13 2005-07-14 Sanden Corporation Display system for vending machine
US20050246293A1 (en) * 2002-03-04 2005-11-03 Ong Yong K Electronic transfer system
US20060006224A1 (en) 2004-07-06 2006-01-12 Visa International Service Association, A Delaware Corporation Money transfer service with authentication
US20060190345A1 (en) * 2004-12-30 2006-08-24 Inspired Broadcast Networks Limited Vending equipment
US20070016941A1 (en) * 2005-07-08 2007-01-18 Gonzalez Carlos J Methods used in a mass storage device with automated credentials loading
US20070088952A1 (en) * 2004-12-21 2007-04-19 Richard Jacka Authentication device and/or method
US20070124242A1 (en) 2005-11-15 2007-05-31 Reis A D Jr Funds transfer system
US20070203850A1 (en) 2006-02-15 2007-08-30 Sapphire Mobile Systems, Inc. Multifactor authentication system
US20070203835A1 (en) 2006-02-27 2007-08-30 Yigang Cai Automated teller service using wireless telephony
US20080022089A1 (en) * 2006-06-26 2008-01-24 Leedom Charles M Security system for handheld wireless devices using-time variable encryption keys
US20080052245A1 (en) * 2006-08-23 2008-02-28 Richard Love Advanced multi-factor authentication methods
US7350230B2 (en) 2002-12-18 2008-03-25 Ncr Corporation Wireless security module
US20080172340A1 (en) 2007-01-15 2008-07-17 Thomas Karlsson Method and system for carrying out a transaction between a mobile device and a terminal
US20090024506A1 (en) 2007-07-18 2009-01-22 Houri Marc Cellphone activated atm transactions
US20090104888A1 (en) 2007-10-17 2009-04-23 First Data Corporation Onetime Passwords For Mobile Wallets
US20090112768A1 (en) 2007-10-25 2009-04-30 Ayman Hammad Payment transaction using mobile phone as relay
US7540408B2 (en) 2006-06-22 2009-06-02 Hip Consult Inc. Apparatus and method for facilitating money or value transfer
US7562813B2 (en) 2006-05-10 2009-07-21 First Data Corporation System and method for activating telephone-based payment instrument
US20090216680A1 (en) * 2008-02-26 2009-08-27 Battelle Energy Alliance, Llc Systems and Methods for Performing File Distribution and Purchase
US20090271276A1 (en) 2008-04-24 2009-10-29 Qualcomm Incorporated Electronic payment system
US20100046553A1 (en) * 2008-08-20 2010-02-25 Esther Finale LLC Data packet generator for generating passcodes
US20100059587A1 (en) 1998-04-17 2010-03-11 Diebold Self-Service Systems Division Of Diebold, Incorporated Banking system controlled responsive to data bearing records
US20100089998A1 (en) * 2008-10-13 2010-04-15 Sandstrom Ronald W Electronic Transaction Security System and Method
US20100114773A1 (en) 2008-10-31 2010-05-06 First Data Corporation Systems, Methods, And Apparatus For Using A Contactless Transaction Device Reader With A Computing System
US20100185860A1 (en) 2007-11-19 2010-07-22 Ezmcom, Inc. Method for authenticating a communication channel between a client and a server
US20100223182A1 (en) 2000-09-26 2010-09-02 Battaglini Stephen D Integrated Technology Money Transfer System
US7822666B1 (en) * 2001-10-29 2010-10-26 Mcafee, Inc. Secure single-use transaction numbers
US7861077B1 (en) * 2005-10-07 2010-12-28 Multiple Shift Key, Inc. Secure authentication and transaction system and method
US7865448B2 (en) 2004-10-19 2011-01-04 First Data Corporation Methods and systems for performing credit transactions with a wireless device
US20110016047A1 (en) 2009-07-16 2011-01-20 Mxtran Inc. Financial transaction system, automated teller machine (atm), and method for operating an atm
US20110159844A1 (en) * 2009-12-28 2011-06-30 Nokia Corporation Method and apparatus for user interaction while device is locked
US20110238573A1 (en) 2010-03-25 2011-09-29 Computer Associates Think, Inc. Cardless atm transaction method and system
US20110244798A1 (en) * 2010-02-24 2011-10-06 Wherepro, Llc Data Packet Generator and Implementations of Same
US20130332366A1 (en) * 2012-06-08 2013-12-12 Fmr Llc Mobile Device Software Radio for Securely Passing Financial Information between a Customer and a Financial Services Firm
US8843757B2 (en) * 2009-11-12 2014-09-23 Ca, Inc. One time PIN generation
KR20160007153A (en) * 2014-07-11 2016-01-20 중소기업은행 Financial transaction system using security intensification one time password and method thereof
US20170337625A1 (en) * 2016-05-18 2017-11-23 Fannie Mae Using automated data validation in loan origination to evaluate credit worthiness and data reliability
US20170357799A1 (en) * 2016-06-12 2017-12-14 Logmein, Inc. Tracking and managing multiple time-based one-time password (TOTP) accounts
US10108959B2 (en) * 2011-03-15 2018-10-23 Capital One Services, Llc Systems and methods for performing ATM fund transfer using active authentication
US20190036915A1 (en) * 2014-03-28 2019-01-31 Netiq Corporation Time-based one time password (totp) for network authentication
US20190043045A1 (en) * 2016-01-29 2019-02-07 Xard Group Pty Ltd Limited operational life password for digital transactions
US10453062B2 (en) * 2011-03-15 2019-10-22 Capital One Services, Llc Systems and methods for performing person-to-person transactions using active authentication
US10762483B2 (en) * 2014-03-04 2020-09-01 Bank Of America Corporation ATM token cash withdrawal
US10789580B2 (en) * 2011-03-15 2020-09-29 Capital One Services, Llc Systems and methods for performing ATM fund transfer using active authentication
US10839647B2 (en) * 2003-10-01 2020-11-17 Everi Payments Inc. Multi-function cashless gaming ATM
US10853778B2 (en) * 2014-07-21 2020-12-01 Paypal, Inc. Secure cardless cash withdrawal
US10990933B2 (en) * 2002-01-15 2021-04-27 Tara Chand Singhal System and method for a private and secure financial transaction system using an ATM
US11107072B2 (en) * 2010-04-09 2021-08-31 Paypal, Inc. Mobile phone ATM processing methods and systems

Family Cites Families (82)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5350906A (en) * 1992-11-25 1994-09-27 Brody Bill E Currency transfer system and method using fixed limit cards
US5326960A (en) * 1992-11-25 1994-07-05 Tannenbaum David H Currency transfer system and method
US5799087A (en) * 1994-04-28 1998-08-25 Citibank, N.A. Electronic-monetary system
US5650604A (en) * 1995-02-22 1997-07-22 Electronic Data Systems Corporation System and method for electronic transfer of funds using an automated teller machine to dispense the transferred funds
US7039600B1 (en) * 1998-11-27 2006-05-02 Diebold, Incorporated ATM customer marketing system
US7177835B1 (en) * 1997-08-28 2007-02-13 Walker Digital, Llc Method and device for generating a single-use financial account number
US7445146B2 (en) 1998-04-17 2008-11-04 Diebold, Incorporated Card activated cash dispensing automated banking machine system and method
US7392938B1 (en) 1998-04-17 2008-07-01 Diebold, Incorporated Cash withdrawal from ATM via videophone
US6484182B1 (en) * 1998-06-12 2002-11-19 International Business Machines Corporation Method and apparatus for publishing part datasheets
US7636694B1 (en) * 1998-09-18 2009-12-22 Mastercard International Incorporated Apparatus and method for generating an electronic-commerce personal identification number cryptographically related to an ATM personal identification number
US8413889B1 (en) * 1998-11-27 2013-04-09 Diebold, Incorporated Banking system operated responsive to data bearing records
US7980462B1 (en) * 1998-11-27 2011-07-19 Diebold Self-Service Systems Division Of Diebold, Incorporated Automated transaction machine with card reader that can read unique magnetic characteristic of a magnetic stripe
US20020152180A1 (en) * 1999-09-10 2002-10-17 Paul Turgeon System and method for performing secure remote real-time financial transactions over a public communications infrastructure with strong authentication
US7577612B2 (en) * 2000-02-18 2009-08-18 Ncr Corporation Self service terminal
US20010047335A1 (en) * 2000-04-28 2001-11-29 Martin Arndt Secure payment method and apparatus
US7107462B2 (en) * 2000-06-16 2006-09-12 Irdeto Access B.V. Method and system to store and distribute encryption keys
US6961858B2 (en) * 2000-06-16 2005-11-01 Entriq, Inc. Method and system to secure content for distribution via a network
US20020013767A1 (en) * 2000-06-26 2002-01-31 Norman Katz Electronic funds transfer system for financial transactions
US7392388B2 (en) * 2000-09-07 2008-06-24 Swivel Secure Limited Systems and methods for identity verification for secure transactions
US7680738B2 (en) * 2000-11-22 2010-03-16 American Express Travel Related Services Company, Inc. System and method for executing cash payments via a computer network
US7150045B2 (en) * 2000-12-14 2006-12-12 Widevine Technologies, Inc. Method and apparatus for protection of electronic media
CN1172053C (en) 2001-02-09 2004-10-20 广东溢达纺织有限公司 Technology for knitting washing-resistant cotton fabric without ironing
AU2002338261A1 (en) * 2001-03-30 2002-10-15 Crossmar, Inc. Method and system for multi-currency escrow service for web-based transactions
US7080049B2 (en) * 2001-09-21 2006-07-18 Paymentone Corporation Method and system for processing a transaction
US6908030B2 (en) * 2001-10-31 2005-06-21 Arcot Systems, Inc. One-time credit card number generator and single round-trip authentication
US7020635B2 (en) * 2001-11-21 2006-03-28 Line 6, Inc System and method of secure electronic commerce transactions including tracking and recording the distribution and usage of assets
US20040024700A1 (en) 2001-11-29 2004-02-05 Petigny A. Michelle Electronic funds transfer method and system
US20030195859A1 (en) 2002-04-16 2003-10-16 Lawrence Jason E. System and methods for authenticating and monitoring transactions
US20030212601A1 (en) * 2002-05-09 2003-11-13 Ivan Silva Credit card SMS portal transmission system and process
US7349871B2 (en) * 2002-08-08 2008-03-25 Fujitsu Limited Methods for purchasing of goods and services
US7606560B2 (en) * 2002-08-08 2009-10-20 Fujitsu Limited Authentication services using mobile device
IES20030603A2 (en) * 2002-08-16 2004-02-25 Internet Payments Patents Ltd A funds transfer method and system
US20040044739A1 (en) * 2002-09-04 2004-03-04 Robert Ziegler System and methods for processing PIN-authenticated transactions
US8321346B2 (en) 2002-12-19 2012-11-27 International Business Machines Corporation Automated teller machine for use with computing devices
US7309004B1 (en) * 2002-12-26 2007-12-18 Diebold Self-Service Systems, Division Of Diebold, Incorporated Cash dispensing automated banking machine firmware authentication system and method
GB2399209B (en) 2003-03-06 2006-09-13 Fortunatus Holdings Ltd Secure transaction system
US7953663B1 (en) * 2003-09-04 2011-05-31 Jpmorgan Chase Bank, N.A. System and method for financial instrument pre-qualification and offering
US7526652B2 (en) * 2003-09-04 2009-04-28 Accullink, Inc. Secure PIN management
US7090128B2 (en) * 2003-09-08 2006-08-15 Systems And Software Enterprises, Inc. Mobile electronic newsstand
US20050131834A1 (en) * 2003-12-11 2005-06-16 International Business Machines Corporation E-commerce by check
US20050154643A1 (en) * 2004-01-08 2005-07-14 International Business Machines Corporation Purchasing information requested and conveyed on demand
US7992776B1 (en) 2004-03-31 2011-08-09 Diebold Self-Service Systems Division Of Diebold, Incorporated Automated banking machine with nonconctact reading of card data
US7853782B1 (en) * 2004-04-14 2010-12-14 Sprint Spectrum L.P. Secure intermediation system and method
GB0416857D0 (en) 2004-07-29 2004-09-01 Ingenico Uk Ltd Electronic financial transactions
WO2006023839A2 (en) 2004-08-18 2006-03-02 Mastercard International Incorporated Method and system for authorizing a transaction using a dynamic authorization code
US7870201B2 (en) 2004-12-03 2011-01-11 Clairmail Inc. Apparatus for executing an application function using a mail link and methods therefor
US20060136739A1 (en) 2004-12-18 2006-06-22 Christian Brock Method and apparatus for generating one-time password on hand-held mobile device
US7711586B2 (en) * 2005-02-24 2010-05-04 Rearden Corporation Method and system for unused ticket management
US7587502B2 (en) * 2005-05-13 2009-09-08 Yahoo! Inc. Enabling rent/buy redirection in invitation to an online service
US9768963B2 (en) 2005-12-09 2017-09-19 Citicorp Credit Services, Inc. (Usa) Methods and systems for secure user authentication
EP1798943A1 (en) 2005-12-13 2007-06-20 Axalto SA SIM messaging client
US7664699B1 (en) * 2005-12-21 2010-02-16 Symantec Corporation Automatic generation of temporary credit card information
US20070255662A1 (en) * 2006-03-30 2007-11-01 Obopay Inc. Authenticating Wireless Person-to-Person Money Transfers
US7512567B2 (en) 2006-06-29 2009-03-31 Yt Acquisition Corporation Method and system for providing biometric authentication at a point-of-sale via a mobile device
US20080103984A1 (en) 2006-10-30 2008-05-01 Mobilekash, Inc. System, Method, and Computer-Readable Medium for Mobile Payment Authentication and Authorization
US20080189209A1 (en) 2007-02-05 2008-08-07 First Data Corporation Real-Time Funds Transfer
US20090012901A1 (en) * 2007-02-14 2009-01-08 Mpower Mobile, Inc. Multifactor authentication system for "cash back" at the point of sale
US8818879B2 (en) 2007-09-04 2014-08-26 First Data Corporation Data element specific transaction routing
US10579920B2 (en) * 2007-12-24 2020-03-03 Dynamics Inc. Systems and methods for programmable payment cards and devices with loyalty-based payment applications
US20120047070A1 (en) 2008-04-02 2012-02-23 Jennifer Pharris ATM/KIOSK Cash Acceptance
US20100051686A1 (en) * 2008-08-29 2010-03-04 Covenant Visions International Limited System and method for authenticating a transaction using a one-time pass code (OTPK)
LU91488B1 (en) * 2008-10-17 2010-04-19 Robert Carter Multifactor Authentication
FR2939967B1 (en) 2008-12-12 2011-03-18 Thales Sa INFRARED DETECTOR WITH EXTENDED SPECTRAL RESPONSE IN THE VISIBLE
US8825548B2 (en) * 2009-06-30 2014-09-02 Ebay Inc. Secure authentication between multiple parties
US8332320B2 (en) 2009-08-31 2012-12-11 Novell, Inc. Techniques for remote controlled physical transactions with dynamic key generation and authentication
US8630907B2 (en) 2009-09-30 2014-01-14 Ebay Inc. Secure transactions using a point of sale device
US8548912B2 (en) 2010-04-02 2013-10-01 Bank Of America Corporation Transaction pre-processing with mobile device for a currency dispensing device
US8336088B2 (en) * 2010-04-19 2012-12-18 Visa International Service Association Alias management and value transfer claim processing
US20120028609A1 (en) 2010-07-27 2012-02-02 John Hruska Secure financial transaction system using a registered mobile device
US20120187187A1 (en) 2011-01-20 2012-07-26 Lai Games Australia Pty Ltd Two-way symbological communication between electronic devices
US20120197797A1 (en) 2011-01-31 2012-08-02 Bank Of America Corporation Pending atm transactions
US20120197796A1 (en) * 2011-01-31 2012-08-02 Nathan Dent Cash dispensing at atm
US20120239570A1 (en) * 2011-03-15 2012-09-20 Ing Bank, Fsb (Dba Ing Direct) Systems and methods for performing ATM transactions using active authentication
US20120303534A1 (en) 2011-05-27 2012-11-29 Tomaxx Gmbh System and method for a secure transaction
WO2013028901A2 (en) * 2011-08-23 2013-02-28 Visa International Service Association Authentication process for value transfer machine
WO2013030847A1 (en) 2011-08-26 2013-03-07 Sarvatra Technologies Pvt. Ltd. A computer implemented multi-level transaction authorization banking support system and method thereof
US8924712B2 (en) * 2011-11-14 2014-12-30 Ca, Inc. Using QR codes for authenticating users to ATMs and other secure machines for cardless transactions
US10528944B2 (en) 2012-04-13 2020-01-07 Mastercard International Incorporated Systems, methods, and computer readable media for conducting a transaction using cloud based credentials
US20150058216A1 (en) * 2013-08-21 2015-02-26 Sergio Luciani ATM Enabling Interface with Mobile Technology
SG10201508081TA (en) * 2015-09-29 2017-04-27 Mastercard International Inc Method and system for dynamic pin authorisation for atm or pos transactions
US10523437B2 (en) * 2016-01-27 2019-12-31 Lg Electronics Inc. System and method for authentication of things
US10475015B2 (en) * 2016-04-26 2019-11-12 Ncr Corporation Token-based security processing

Patent Citations (64)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5053957A (en) * 1987-10-23 1991-10-01 Omron Tateisi Electronics Co. Electronic cash register having discount prices selected by customer level
US5206905A (en) * 1989-05-15 1993-04-27 Dallas Semiconductor Corp. Password protected device using incorrect passwords as seed values for pseudo-random number generator for outputting random data to thwart unauthorized accesses
US6016476A (en) * 1997-08-11 2000-01-18 International Business Machines Corporation Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security
US20030028481A1 (en) 1998-03-25 2003-02-06 Orbis Patents, Ltd. Credit card system and method
US20100059587A1 (en) 1998-04-17 2010-03-11 Diebold Self-Service Systems Division Of Diebold, Incorporated Banking system controlled responsive to data bearing records
US20050043011A1 (en) * 1999-09-20 2005-02-24 Numerex Corp. Method and system for refining vending operations based on wireless data
US20030149662A1 (en) 2000-02-10 2003-08-07 Jon Shore Apparatus, systems and methods for wirelessly transacting financial transfers , electronically recordable authorization transfers, and other information transfers
US20050077349A1 (en) * 2000-03-07 2005-04-14 American Express Travel Related Services Company, Inc. Method and system for facilitating a transaction using a transponder
US20030172272A1 (en) * 2000-05-24 2003-09-11 Ehlers Gavin Walter Authentication system and method
US20030177361A1 (en) * 2000-08-04 2003-09-18 Wheeler Lynn Henry Method and system for using electronic communications for an electronic contract
US20100223182A1 (en) 2000-09-26 2010-09-02 Battaglini Stephen D Integrated Technology Money Transfer System
US20040059952A1 (en) * 2000-12-14 2004-03-25 Peter Newport Authentication system
US20030014633A1 (en) * 2001-07-12 2003-01-16 Gruber Thomas Robert Method and system for secure, authorized e-mail based transactions
US20030115147A1 (en) * 2001-08-27 2003-06-19 Feldman Timothy R. Secure access method and system
US20030115146A1 (en) * 2001-08-27 2003-06-19 Dataplay, Inc. System and method for detecting unauthorized copying of encrypted data
US7822666B1 (en) * 2001-10-29 2010-10-26 Mcafee, Inc. Secure single-use transaction numbers
US10990933B2 (en) * 2002-01-15 2021-04-27 Tara Chand Singhal System and method for a private and secure financial transaction system using an ATM
US20050246293A1 (en) * 2002-03-04 2005-11-03 Ong Yong K Electronic transfer system
US7350230B2 (en) 2002-12-18 2008-03-25 Ncr Corporation Wireless security module
US20040143633A1 (en) * 2003-01-18 2004-07-22 International Business Machines Corporation Instant messaging system with privacy codes
US10839647B2 (en) * 2003-10-01 2020-11-17 Everi Payments Inc. Multi-function cashless gaming ATM
US20050155060A1 (en) * 2004-01-13 2005-07-14 Sanden Corporation Display system for vending machine
US20060006224A1 (en) 2004-07-06 2006-01-12 Visa International Service Association, A Delaware Corporation Money transfer service with authentication
US7865448B2 (en) 2004-10-19 2011-01-04 First Data Corporation Methods and systems for performing credit transactions with a wireless device
US20070088952A1 (en) * 2004-12-21 2007-04-19 Richard Jacka Authentication device and/or method
US20060190345A1 (en) * 2004-12-30 2006-08-24 Inspired Broadcast Networks Limited Vending equipment
US7743409B2 (en) * 2005-07-08 2010-06-22 Sandisk Corporation Methods used in a mass storage device with automated credentials loading
US20070016941A1 (en) * 2005-07-08 2007-01-18 Gonzalez Carlos J Methods used in a mass storage device with automated credentials loading
US7861077B1 (en) * 2005-10-07 2010-12-28 Multiple Shift Key, Inc. Secure authentication and transaction system and method
US20070124242A1 (en) 2005-11-15 2007-05-31 Reis A D Jr Funds transfer system
US20070203850A1 (en) 2006-02-15 2007-08-30 Sapphire Mobile Systems, Inc. Multifactor authentication system
US20070203835A1 (en) 2006-02-27 2007-08-30 Yigang Cai Automated teller service using wireless telephony
US7562813B2 (en) 2006-05-10 2009-07-21 First Data Corporation System and method for activating telephone-based payment instrument
US7540408B2 (en) 2006-06-22 2009-06-02 Hip Consult Inc. Apparatus and method for facilitating money or value transfer
US20080022089A1 (en) * 2006-06-26 2008-01-24 Leedom Charles M Security system for handheld wireless devices using-time variable encryption keys
US20080052245A1 (en) * 2006-08-23 2008-02-28 Richard Love Advanced multi-factor authentication methods
US20080172340A1 (en) 2007-01-15 2008-07-17 Thomas Karlsson Method and system for carrying out a transaction between a mobile device and a terminal
US20090024506A1 (en) 2007-07-18 2009-01-22 Houri Marc Cellphone activated atm transactions
US20090104888A1 (en) 2007-10-17 2009-04-23 First Data Corporation Onetime Passwords For Mobile Wallets
US20090112768A1 (en) 2007-10-25 2009-04-30 Ayman Hammad Payment transaction using mobile phone as relay
US20100185860A1 (en) 2007-11-19 2010-07-22 Ezmcom, Inc. Method for authenticating a communication channel between a client and a server
US20090216680A1 (en) * 2008-02-26 2009-08-27 Battelle Energy Alliance, Llc Systems and Methods for Performing File Distribution and Purchase
US20090271276A1 (en) 2008-04-24 2009-10-29 Qualcomm Incorporated Electronic payment system
US20100046553A1 (en) * 2008-08-20 2010-02-25 Esther Finale LLC Data packet generator for generating passcodes
US20100089998A1 (en) * 2008-10-13 2010-04-15 Sandstrom Ronald W Electronic Transaction Security System and Method
US20100114773A1 (en) 2008-10-31 2010-05-06 First Data Corporation Systems, Methods, And Apparatus For Using A Contactless Transaction Device Reader With A Computing System
US20110016047A1 (en) 2009-07-16 2011-01-20 Mxtran Inc. Financial transaction system, automated teller machine (atm), and method for operating an atm
US8843757B2 (en) * 2009-11-12 2014-09-23 Ca, Inc. One time PIN generation
US20110159844A1 (en) * 2009-12-28 2011-06-30 Nokia Corporation Method and apparatus for user interaction while device is locked
US20110244798A1 (en) * 2010-02-24 2011-10-06 Wherepro, Llc Data Packet Generator and Implementations of Same
US20110238573A1 (en) 2010-03-25 2011-09-29 Computer Associates Think, Inc. Cardless atm transaction method and system
US11107072B2 (en) * 2010-04-09 2021-08-31 Paypal, Inc. Mobile phone ATM processing methods and systems
US11042877B2 (en) * 2011-03-15 2021-06-22 Capital One Services, Llc Systems and methods for performing ATM fund transfer using active authentication
US10108959B2 (en) * 2011-03-15 2018-10-23 Capital One Services, Llc Systems and methods for performing ATM fund transfer using active authentication
US10789580B2 (en) * 2011-03-15 2020-09-29 Capital One Services, Llc Systems and methods for performing ATM fund transfer using active authentication
US10453062B2 (en) * 2011-03-15 2019-10-22 Capital One Services, Llc Systems and methods for performing person-to-person transactions using active authentication
US20130332366A1 (en) * 2012-06-08 2013-12-12 Fmr Llc Mobile Device Software Radio for Securely Passing Financial Information between a Customer and a Financial Services Firm
US10762483B2 (en) * 2014-03-04 2020-09-01 Bank Of America Corporation ATM token cash withdrawal
US20190036915A1 (en) * 2014-03-28 2019-01-31 Netiq Corporation Time-based one time password (totp) for network authentication
KR20160007153A (en) * 2014-07-11 2016-01-20 중소기업은행 Financial transaction system using security intensification one time password and method thereof
US10853778B2 (en) * 2014-07-21 2020-12-01 Paypal, Inc. Secure cardless cash withdrawal
US20190043045A1 (en) * 2016-01-29 2019-02-07 Xard Group Pty Ltd Limited operational life password for digital transactions
US20170337625A1 (en) * 2016-05-18 2017-11-23 Fannie Mae Using automated data validation in loan origination to evaluate credit worthiness and data reliability
US20170357799A1 (en) * 2016-06-12 2017-12-14 Logmein, Inc. Tracking and managing multiple time-based one-time password (TOTP) accounts

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
D. M'Raihi., et al. "TOTP: Time-based One-time Password Algorithm" (Year: 2008). *

Also Published As

Publication number Publication date
US20120239572A1 (en) 2012-09-20
US11042877B2 (en) 2021-06-22
US11836724B2 (en) 2023-12-05
US20150106275A1 (en) 2015-04-16
US20190034930A1 (en) 2019-01-31
US20210374748A1 (en) 2021-12-02
US20230059316A1 (en) 2023-02-23
US10108959B2 (en) 2018-10-23

Similar Documents

Publication Publication Date Title
US11836724B2 (en) Systems and methods for performing ATM fund transfer using active authentication
US11443290B2 (en) Systems and methods for performing transactions using active authentication
US10453062B2 (en) Systems and methods for performing person-to-person transactions using active authentication
US11568405B2 (en) Identification and verification for provisioning mobile application
US20120239570A1 (en) Systems and methods for performing ATM transactions using active authentication
US20220391891A1 (en) Secure Authentication System With Token Service
CN107251595B (en) Secure authentication of users and mobile devices
AU2010306566B2 (en) Anti-phishing system and method including list with user data
EP3917079A1 (en) Authentication systems and methods using timestamp comparison
US20150371221A1 (en) Two factor authentication for invoicing payments
US20150302409A1 (en) System and method for location-based financial transaction authentication
US20130275308A1 (en) System for verifying electronic transactions
US20130185209A1 (en) Transaction-based one time password (otp) payment system
US11631085B2 (en) Digital access code
US10489565B2 (en) Compromise alert and reissuance
US20210241266A1 (en) Enhancing 3d secure user authentication for online transactions
US20200342459A1 (en) Trusted customer identity systems and methods

Legal Events

Date Code Title Description
AS Assignment

Owner name: ING BANK, FSB (DBA ING DIRECT), DELAWARE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:WOLFS, RUDOLPH CHRISTIAN;PINSKI, DAVID AARON;SIGNING DATES FROM 20110405 TO 20110408;REEL/FRAME:026124/0651

AS Assignment

Owner name: ING DIRECT N.V., NETHERLANDS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ING BANK, FSB;SHAREBUILDER CORPORATION (FORMERLY KNOWN AS NETSTOCK CORPORATION);REEL/FRAME:027742/0023

Effective date: 20120217

AS Assignment

Owner name: CAPITAL ONE FINANCIAL CORPORATION, VIRGINIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ING BANK, N.V.;REEL/FRAME:033334/0340

Effective date: 20140708

AS Assignment

Owner name: ING BANK N.V., NETHERLANDS

Free format text: MERGER;ASSIGNOR:ING DIRECT N.V.;REEL/FRAME:034889/0820

Effective date: 20140331

AS Assignment

Owner name: CAPITAL ONE SERVICES, LLC, VIRGINIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:CAPITAL ONE FINANCIAL CORPORATION;REEL/FRAME:045182/0872

Effective date: 20171231

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: ADVISORY ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: ADVISORY ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: ADVISORY ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED

STCF Information on status: patent grant

Free format text: PATENTED CASE